Risk Assessor

SPECTRUM

2021-12-03 08:55:51

Job location Maryland Heights, Missouri, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

JOB SUMMARY
Leverage industry and technical expertise to assist leadership teams in effectively addressing enterprise security risks by performing risk assessments through questionnaires, interviews, and key control testing. Enhance internal audit functions to further align with organizational strategy and risk, and identify opportunities to effectively mitigate risk and improve business performance by increasing value and reducing costs of compliance-related activities. In addition, apply the concepts of Enterprise Risk Management to help the organization identify, assess, and mitigate emerging risks.

MAJOR DUTIES AND RESPONSIBILITIES

  • Actively and consistently supports all efforts to simplify and enhance the customer experience.
  • Conduct technical risk assessments for the enterprise to identify threats, risks, and controls through governance, compliance, identification, and validation.
  • Perform IT technical audits involving internal and external audits, technology-focused risk assessments, third-party security assurance activities, and vendor-based systems.
  • Conduct testing of compliance controls by reviewing documentation and evidence, performing observations, and documenting results.
  • Provide oversight to security assurance activities and programs to include governance, policy, control design, general operational effectiveness and internal controls.
  • Manage all project planning and execution for risk assessment processes to identify and address department/organizational risks.
  • Identify findings during risk assessments and make recommendations to improve security infrastructure by maintaining deep subject matter expertise of technical and operational information security, technical privacy, and/or standard industry practices.
  • Define the security controls and processes appropriate for the department and/or organization post-assessment, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards.
  • Provide guidance on risk assessment processes and procedures, requirements, and controls to leadership teams so that they understand risk findings and implement control solutions to prevent recurrences.
  • Consult on remediation of findings discovered during audits and control testing.
  • Perform other duties as assigned.

REQUIRED QUALIFICATIONS
Skills/Abilities and Knowledge
  • Ability to read, write, speak and understand English
  • Knowledge of control testing for the following audit/assessment frameworks:
      o Payment Card Industry (PCI)
      o Sarbanes Oxley (SoX)
      o Health Insurance Portability and Accountability Act (HIPAA)
      o National Institute of Standards and Technology (NIST 800-53)
      o Customer Proprietary Network Information (CPNI)
      o Other authoritative sources related to specific business situations
  • Knowledge of technical aspects to complete projects in the following areas: IT Audits, IT Risk Management, Information Security and/or Technical Privacy
  • Experience in audit and/or Information Security practices and frameworks for large organizations
  • Knowledge of Information Security strategy, organization, policy and Governance
  • Basic knowledge of network and application security assessment tools and methodologies used to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
  • Ability to translate technical terms to non-technical (business) colleagues and non-technical (business) terms to technical colleagues.
  • Ability to be adaptable and flexible while working in a dynamic environment
  • Foster and maintain relationships with key stakeholders, departmental leadership, and business partners
  • Excellent verbal and written communications skills

Education
Bachelor’s degree (BA or BS) in Management Information Systems, Computer Science, Accounting, and/or a business-related discipline, or equivalent work experience

One of the following or equivalent certifications required or actively pursuing:
  • Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA) certifications
  • Complementary: Certified Ethical Hacker (CEH)
  • Or other related certifications.

Related Work Experience
  • 4+ years of IT/IT Security and/or Corporate Risk/Audit Work experience
  • 3+ years of IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy.

WORKING CONDITIONS
Office environment
ISE315 296248 296248BR