Security Specialist - Risk Management
Ref No.: 17-02676
Location: Glendale, Arizona
6 Month Contract

Job Description
  • The Information Security Specialist, as part of the risk management team, will safeguard information system assets by analyzing the security requirements of the Client's information systems to identify and solve potential and actual security risks.
  • This function will perform regular and ad-hoc risk assessments and follow up on remediation activities to update risk posture on implemented security controls.
  • Other key activities include reviewing existing security policies and making recommendations, assessing that procedures are implemented in accordance with the security policy and standards, and confirming that security metrics are being measured to provide a snapshot of overall security governance and risk posture for the organization.
  • The specialists in our team must analyze security requirements, measures, and concerns to help the business and operational teams in developing effective strategies for mitigating security risks.
  • This person should also have the knowledge of industry best practices for supporting the security of information systems and related techniques in order to handle the confidentiality, integrity, and availability of the sensitive information.
  • This specialist must have an excellent understanding of current security standards and protocols, up-to-date knowledge of security threats and risks, and related mitigation skills, along with project management experience.
  • Develop an in-depth picture of the organization's security posture through risk assessments, including but not limited to interviewing stakeholders, management and other executives, reviewing compliance with security policies and standards, reviewing documentation, following up on and validating remediation, and analyzing the security and governance infrastructure.
  • Lead risk management assessments and report findings to the appropriate stakeholders.
  • Support workforce members at the highest levels in the implementation, remediation, monitoring, and maintenance of security policies, standards, and security corrective actions across the organization, leveraging sound technical knowledge and security concepts.
  • Perform all types of risk assessments on security controls enterprise-wide.
  • Minimize security threats by examining governance, infrastructure, applications, systems, devices, and facilities to identify security flaws, using risk analysis and following up on corrective action plans.
  • Present findings in a professional manner, recommending mitigations either via new technology, alternative compensating controls, or policy modifications for improving overall security posture.
  • Support the security training and awareness program by providing ideas and content to the training teams, as well as conducting presentations on hot security topics for the stakeholders, as needed.
  • Work within RSA Archer to manage findings, remediation plans, and exceptions.
Education/Experience
  • 3-5+ years performing risk management responsibilities in relation to Information Technology, as a Security Analyst, Security Specialist, etc.
  • Knowledge and experience in dealing with risk management processes such as findings, remediation, and exceptions
  • Knowledge in conducting controls-based assessments
  • Strong understanding of Information Technology
  • Strong understanding of Information Security control standards
  • Proven experience performing risk management assessments
  • Demonstrated ability to collaborate with all levels of an organization
  • Understanding of continuous improvement and ability to effectively incorporate it into daily work
  • Effective partnering, communications and facilitation skills
  • Ability to translate and communicate information security standards with internal business units and Client vendors
  • Strong process analysis and modeling skills, along with direct experience converting business requirements into action-oriented technical objectives and measurable results
  • Team player able to work effectively at all levels of an organization with the ability to influence others and move toward consensus
  • Strong situational analysis and decision-making abilities
  • Bachelor's degree or equivalent as related to Information Technology, Audit, Accounting or equivalent
Preferred
  • Knowledge of penetration testing is a plus