STRATEGIC STAFFING SOLUTIONS (S3) HAS AN OPENING!
IT Security Risk Analyst
Detroit, MI / Remote in EST/CST
6+ Months with extension
W2 Contract engagement
Job Description:
Provides information security risk knowledge and serves as a specialist to identify, prioritize, and collaboratively mitigate cyber risk enterprise-wide. Responsible for the following:
- Plan, coordinate and conduct security risk assessments for information systems and third parties
- Compose reports, assessments, and other documents to provide decision support on information security risks and controls for executives, system owners and management
- Assess the likelihood and impact of adverse events and recommend effective controls and mitigations to management
- Research, analyze and report on the cybersecurity risk of doing business with third parties
- Facilitate the response and mitigation of third party security incidents
- Support the continuous improvement and implementation of Information Security Policies, Standards, Processes, and Procedures
- Contribute to the enhancement and implementation of the information security risks & controls library
- Perform control assessments to determine if cybersecurity controls are effective and in compliance with applicable requirements
- Establish and implement effective security awareness practices across the System, including training, phishing, and communications.
MINIMUM QUALIFICATIONS
- Bachelor s degree or an equivalent combination of education and experience.
- Minimum of three (3) years of progressive experience in Information Services including one (1) year in information security, including experience in compliance with federal and state security regulations
- Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent
- Must possess a general understanding of enterprise security best practices relating to implementing and managing enterprise security solutions.
- Working knowledge of one or more information security regulations and/or frameworks; i.e. HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security.
- Experience with administrative and technical assessments as well as enforcing organizational
*Beware of scams. S3 never asks for money during its onboarding process