IT Risk Compliance Analyst
Berkley Technology Services LLC
Full Time Des Moines , Iowa, United States Posted 7 months ago
About Position
IT Risk Compliance Analyst (Full Time)
$0.00 / Hourly
Des Moines , Iowa, United States
IT Risk Compliance Analyst
Full Time Des Moines , Iowa, United States Posted 7 months ago
Skills
Experience with conducting IT/Cybersecurity audits risk assessments privacy assessments. Familiarity with CMMI FAIR NIST CSF ISO-27001 CSC 18 and Privacy regulations. Experience with providing remediation recommendations for issues/findings. Experience with GRC tools (such as Archer ServiceNow etc.) and project management tools (Jira). Ability to lead walkthroughs and assessments with minimal oversight. Highly effective communication skills for management and sr. leadershipDescription
We are seeking a skilled and experienced cross-functional Governance, Risk, and Compliance consultant that can work with IT Compliance and IT Risk on assessments, testing, reporting, and risk analysis within the Information Security Program.
Responsibilities
- Assessments: Perform Risk Assessments to ensure proper design and associated risks (inherent and residual) for systems, environments, and domains analyzed.
- Ability or understanding to gather information to determine threat event frequencies, loss event frequencies, susceptibility, and impact.
-
- Testing: Ability to test the design and operating effectiveness of quarterly/re-occurring IT controls that support our regulatory assessment programs (SOX, NYDFS, etc.).
- Ability to determine proper design of processes and ineffective processes and key elements of an effective process design.
- Understanding of key control points and able to perform walkthroughs and/or review of evidence to determine operating effectiveness.
-
- Risk Identification and Mitigation: Collaborate with cross-functional teams to identify emerging risks, assess their potential impact on the organization, and develop mitigation strategies.
-
- Reporting: Ability to contribute towards creating reports for different audiences for IT and non-IT stakeholders (senior management, executive leadership, system owners, and relevant stakeholders) to facilitate decision-making and drive continuous improvement efforts.
By applying to a job using PingJob.com you are agreeing to comply with and be subject to the PingJob.com Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.