Description
A top financial firm is searching for a Information Security Risk Assessor to join the Taylorsville, Utah office ASAP.The main purpose of this role would be to perform functions related to Information Security and Risk Assessment and Controls Monitoring to ensure compliance with the firm's Global Information Security policy and regulatory requirements across all business units.
Responsibilities
- Interview, gather, review, analyze and author Data Flow Diagrams and other corresponding Business flow charts to aid in Risk Assessment
- Gather relevant information and documentation, review and determine the scope of applicability for respective Risk Assessments
- Perform Application and Infrastructure security risk assessments for applications, applying the Risk Assessment standards established and generate required documentation according to the process defined.
- Maintain an up-to-date task list in the risk assessment queue and provide regular status reports on progress.
- Interface regularly with staff from various departments (e.g. IT, Operational Risk, Internal Audit, Legal and Compliance), to gather materials and information for security evaluation process, communicating risks found and assist in remediation plan development.
- Track and report on remediation activity status and/or insure that risks not remediated are communicated to the ARM team for inclusion in the risk register.
- Assist in the development of additional controls monitoring tools, reports, processes. Perform periodic self-certification testing on the IT/IS environment.
Requirements
- Bachelor's Degree or equivalent experience in Information Technology
- 5+ years experience in Information Security with minimum 3 years hands-on experience in any of the security roles of Network, Operating System, Application or Database administration combined with Risk Assessment responsibility
- Financial Industry Regulatory requirements and specifically FFIEC security requirements
- Excellent problem solving, analytical, communication, organization, task and time management skills
- Industry certifications a plus (CISSP, CISA, CISM, CEH)
To find out more about Huxley Associates please visit www.huxley.com