Technology Partners is currently seeking a talentedÃ¿Â Lead IT Security Risk Analyst (148470). Do you have experience with Security Risk Management? Let us help you make your next big career move a reality!
What You Will Be Doing:
The Information Security Office is seeking a Lead IT Security Risk Analyst (Analyst 3) to join the Governance, Risk, and Compliance organization. In this pivotal role, you will have a direct impact on our organization’s security posture, primarily focusing on conducting technical security risk assessments and supporting the security risk management program. We are seeking a candidate who is highly analytical, inquisitive, driven, and organized, with a strong, diverse technical background. Effective communication, both verbal and written, is crucial. We value collaboration and adaptability, as well as the ability to translate technical requirements into common language. We need someone who can identify vulnerabilities and threats, evaluate security controls, and present findings concisely in a risk context.
- Maintain a deep understanding of the company’s security policies, technologies, security controls, and stakeholders.
- Assess and communicate external threats and their relevance to our environment, aligning threat events with security capabilities and controls.
- Conduct risk assessments of IT applications, systems, solutions, and environments, varying in scope from technical controls to broad, enterprise-wide risks.
- Define assessment scopes by identifying threat events, systems, and controls.
- Identify vulnerabilities, analyze potential exploitation scenarios, assess applicable security controls, and evaluate potential impact.
- Review network diagrams and configurations to validate technical control design and implementation.
- Identify Subject Matter Experts, formulate interview questions, and conduct assessments.
- Conduct interviews, adjust questioning based on information received, and analyze evidence.
- Develop and deliver reports and summaries tailored for different audiences, including executives.
- Provide technical leadership, mentoring, and guidance to team members.
- Contribute to the development and enhancement of security assessment methodologies and operational processes.
- Apply cybersecurity and privacy principles to department-level requirements and security policies.
- Offer subject matter expertise in policy content and security requirement applicability.
- Incorporate security and compliance considerations into all decisions and daily responsibilities.
Required Skills & Experience:
- Must be authorized to work in the U.S. without requiring work authorization sponsorship.
- Commitment to integrating security into all decisions and responsibilities.
- Bachelor’s degree in Computer Science, Computer Information Systems, or Management Information Systems.
- 5+ years of related experience in Information Technology and Information Security.
- 5+ years of experience in Information Security conducting technical risk analysis or assessments across multiple technology domains.
- Security certification such as CISSP or equivalent technical expertise.
- Experience analyzing threats or assessing control effectiveness in areas such as firewalls, web application firewalls, server hardening, network infrastructure, endpoint and network detection & response tools, and secure application development.
- Familiarity with cybersecurity frameworks like CIS Critical Security Controls and MITRE ATT&CK/D3FEND.
- Exceptional problem-solving and analytical skills.
- Detail-oriented with strong organizational and prioritization abilities.
- Flexibility and adaptability to evolving requirements while delivering high-quality results.
- Excellent communication skills, including clear and concise articulation.
- Advanced proficiency in Microsoft Excel; proficiency in other Microsoft Office applications.
Desired Skills & Experience:
- Knowledge of assessing cloud computing controls.
- Experience in scripting automation or application programming.
- Experience developing security requirements in policies or standards.
- Familiarity with productivity, documentation, and collaboration tools (e.g., Jira, SharePoint, Confluence).
We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to provide sponsorship at this time or accept candidates who would require a corp-to-corp agreement.
If this position sounds like you, WE SHOULD TALK!
Your better future is ready, and we want to put the right tools in your hands to get you there. Let’s go!
Keywords: Security, Audit, Vulnerability, CISSP, Mitre Att&ck
Looking for more opportunities with Technology Partners? Check out technologypartners.net/jobs!
All offers of employment at Technology Partners are contingent upon clear results of a thorough background check and drug screening that meet corresponding laws and regulations at the city, state and federal level.