Description
Great opportunity to work with Fortune 500 company in Atlanta!
Information Security Analyst
This position will work directly within the Information Security department and be responsible for processing, evaluating, and performing limited risk assessment activities. This individual will triage incoming Supply Chain requests to determine the inherent risk of the services being commissioned by the third party service providers and what level of engagement is required by the team.
Activities
- Import data from Supply Chain software into Access Web App on a daily basis.
- Requires intermediate knowledge of Access and Excel to perform importing and query functions.
- Disseminate inherent risk questionnaires to internal stakeholders for completion.
- Monitor responses from internal stakeholders and escalate issues as necessary.
- Evaluate results of risk questionnaires and determine if additional due diligence is required.
- Assist with due diligence related activities for new and existing service providers, such as reviewing evidence provided by the third party supplier.
- Collaborate with senior members of the information security team to understand the effectiveness of vendors control environment, such as internal and external audit reports, PEN test results, policies, standards, procedures, onboarding and termination processes, etc.
- Coordinate WebEx and conference calls to gain additional insight and/or clarify responses to completed questionnaires.
- Maintain accurate record keeping and help ensure SLA/SLO objectives are met for the department.
- Assist with the development and creation of security metrics for risk assessment related activities.
Requirements
- College Degree - 4 Year Education.
- CISSP or CISA certifications preferred.
- Familiarity with third party service agreements such as Master Service Agreements, Professional Service Agreements, Software License Agreements, etc. preferred.
- 3+ Years of Information Security Related Experience.
- Experience with SQL, Access and Excel (Intermediate to advanced level).
- Prefer Experience with one or more of the following: Auditing/Assessments (PCI DSS, SOX 404, HIPAA, PII), Develop/Implement Security Documentation (Policies, Standards, Procedures), Vulnerability Management, Internal Penetration Testing, Security Incident Response, and/or Penetration Testing.
- Programming/Development experience preferred.
- Strong initiative, collaborative, detail oriented, with analytical skills recommended.
- The role requires a balance of both technical and interpersonal skills and the ideal candidate must effectively manage their time, workload.
Candidates local to Atlanta only please!