Info Security Analyst 3

Jersey City, NJ
1-6 Months

Tekmark Job Number:


Job Title:

Info Security Analyst 3

Job Location:

Jersey City, NJ

Job Category:

IT - Architect/Engineer - Security

Required Skills:

Security Policy, security, ISO-9001, CISSP, Archer
Job Description
Client is seeking an Info Security Analyst 3

Intake Notes:
-Must have at least 5-7 years of third party risk assessment experience.
-SIG (Shared assessment gatherings) knowledge preferred
-Archer knowledge preferred
-Should be able to complete 5-6 assessments a month
-Financial experience highly preferred

-The CLIENT's Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of client business objectives and in conformity with CLIENT'S policies.
-The Vendor Assessment Team is a core function of SRM and is primarily responsible for ensuring that third party systems are engineered and designed in a secure manner.
-The Vendor Assessment and Operations Analyst will be focused on the analysis and management of vendor risk and is primarily responsible for performing, reviewing, analyzing, and reporting on the results of vendor risk assessments.
-The Vendor Assessment Sr. Analyst will work with internal business units, third party vendors, and security risk management to analyze and report risk.
-Conduct third party risk assessments aligned with ISO and NIST standards
-Review completed SIG questionnaires based on vendor inherent risk
-Perform vendor documentation review and analysis
-Perform onsite assessments of vendor facilities
-Identify and measure risk associated with vendor security controls
-Document risks and recommendations based on a vendor's lack of controls
-Risk rank findings based on likelihood and impact leveraging CLIENT'S risk methodology
-Document and report risk to Vendor Assessment management team, business partners, and vendors
-Follow-up on open findings with vendors in repeat assessments if necessary
-Influence the behavior of peers and build relationships with other teams without direct authority over those teams to promote security awareness and risk management
-Assess current business practices and identify opportunities to promote effective third party risk management

-Strong expertise and working knowledge of assessing controls against standards and frameworks such as ISO 27001:2013, ISO 22301, NIST 800-53 Rev 4
-Perform and complete new and existing assessments on vendors and third parties, leveraging CLIENT's vendor assessment methodology, which includes questionnaires, evidence requirements, and interviews with vendors and internal stakeholders, to appropriately assess controls relating to: security risk management; privacy and security policies and governance; organizational security; asset management; physical and environmental security; communications and security operations management; access controls of systems and applications; cryptography and encryption controls; information systems acquisition, development and maintenance; third party relationship management; vulnerability and threat management; incident event and communications management; business continuity and disaster recovery; compliance with regulatory and industry standards; and cloud controls relating to infrastructure, platform, and software as a service
-Ability to perform in-depth information security related assessments of new and existing vendors leveraging SIG based questionnaires and evidence
-Technical expertise to review a vendor's controls and document in business terms the risk and the recommendation to address the vendor's control deficiencies
-Ability to document the assessment details, findings, and overall risk in a formal assessment report
-Strong written and verbal communication skills, and strong presentation skills to communicate risks to multiple audiences with varying technical skillsets
-Highly organized, self-motivated, and ability to manage multiple assessments at once
-Deep analytical capabilities to appropriately analyze risk and report areas of concern
-Minimum of 3-5 years conducting 3rd Party vendor risk assessments within an Information Security role
-Strong working knowledge of IT Security Operations, with experience working with networks, applications, systems, or datacenters
-B.A./B.S. degree in related discipline
-Ability to perform problem solving in a complex demanding environment
-Must be resourceful, creative, innovative, results driven, and adaptable
-Solid problem solving and analytical skills
-Competent designer of mixed-technology solutions
-Ability to perform in a fast-paced multidisciplinary environment
-Information Security and control certifications preferred (CISSP, CISM, CISA, or CRISC)
-Military education or experience may be considered in lieu of civilian requirements listed
