Posted: Friday, August 4, 2017 9:32 PM
Our Senior Technology Risk Analyst team helps clients address the risks surrounding their IT environment; information governance; information security and privacy; business continuity and disaster recovery. We provide transformational services that have lasting impacts on the way in which our clients optimize their technology investments and manage value, cost and risk. The Senior Technology Risk Analyst is responsible for leading field engagements in assisting in the creation of multi:faceted vulnerability management solutions tailored to client environments. This individual will also evaluate client vulnerability management programs across people, process and technology.Performing technology risk assessments and reviewing, documenting, evaluating and testing general computer controls including access controls, change management, security, backup controls and operation controls, in a wide range of computing environments.Performing IT compliance audits, internal audits and SOC 1 and SOC 2 readiness reviews and attestationsReviewing system configurations and device configurations using manual and automated techniquesDetermining the technical and business impact of identified issues and providing remediation guidance to clients.Assisting in the creation or review of information security policies, standards, procedures and plans (BCP, DR, and Incident Response) to support the clientA?s information security needs and governance requirements.Stay abreast of current business and industry trends relevant to the clients business.Establish and maintain effective business relationships with client management.Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation.Work with the team to document the business processes (IT dependent) and perform system flowchartingDemonstrate and apply strong project management skills and use current technology and tools to enhance the effectiveness of deliverables and services.Understand engagement economics, including monitoring and communicating project status and appropriate financial metrics to key stakeholders. Specialized Knowledge and Skills: Experienced with security and risk standards including ISO 2700, PCI DSS, NIST, ITIL, COBIT.Hands on operational experience with vulnerability management tools including the ability to deploy, configure, and run these tools.Experience with and knowledge of privacy laws and regulations.Technically knowledgeable in cross:platform system security : particularly with regard to operating systems, databases, networking and transactional processing environments.Proficiency with a variety of operating systems and open source database management systems (MySQL, MS:SQL, Oracle) is a plus.Practical hands:on experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components.Bachelors degree, ideally in Computer Science or equivalent, and a minimum of 3 years of related work experience, or a MasterA?s degree and 2 years of related work experience.Certified Information Systems Auditor (CISA) or pursuing certification.Active membership with ISACA.Strong knowledge of established IT governance frameworks.Strong knowledge of the Trust Services Principles.Ability to examine issues both strategically and analytically.Strong analytical and problem:solving skills.Strong report writing and communication skills.Motivated / self:starter able to work collaboratively in a team environment on multiple engagements.A valid drivers license in the US; willingness and ability to travel domestically to meet client needs.
• Location: Manhattan
• Post ID: 124529903 manhattan