Info Security Risk Analyst

Info Security Risk Analyst Healthcare IT: Security Analyst Newark, NJ Full-time About This Job 1. Perform third party vendor risk, project risk, or technology risk assessments. 2. Conduct on- site security assessments to measure the effectiveness of the third parties current control environment. (Travel Required) 3. Conduct ongoing security assessments to validate appropriate controls are in place. 4. Document and communicate with business and IT regarding security risks and deficiencies. 5. Provide Information Security consulting and subject matter expertise on third party service contracts and/or Sourcing arrangements 6. Assess the adequacy of a vendor's security program to safeguard data. 7. Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations. 8. Ensure proper evidence is gathered to facilitate timely closure of remediation plans 9. Serve as advisors to the business by ensuring an ongoing awareness of identified risks. 10. Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed. 11. Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact. Confirm ongoing roles, responsibilities and persons involved with the Third Party. 12. Manage, monitor and track third party compliance to the Third Party Risk Management Program. 13. Monitor all applicable risk assessments are completed in the appropriate timeframe based on third party risk tier. 14. Individual judgment and decision making will be exercised to determine applicability of certain questions on various assessments based on the vendor service and vendor risk "Must Have" Skills for This Job 1. BA or BS degree in Computer Science, Information Technology/Systems, or related degree 2. CISSP, CISA, or equivalent 3. Third party, technology, and project risk assessment experience. 4. Experience with Governance, Risk, and Compliance tools 5. Minimum (1) year experience in Risk Management 6. 3-6 years of experience in an Information Technology Audit/Information Security Knowledge/Skills: • Requires an excellent understanding of IT security concepts with an emphasis on Security and Risk Assessment • Requires excellent knowledge of IT and computer systems • Requires excellent understanding of internal and external audit process • Requires in-depth understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities • Requires an in-depth understanding of Payment Card Industry - Data Security Standard (PCI-DSS), and proficiency in applying Health Information Portability and Accountability Act (HIPAA) security rules and National Institute of Standards and Technology (NIST) standards • Requires demonstrated proficiency in applying Identity Management (IDM) concepts • Requires exceptional analytical thinking skills • Requires excellent verbal and written communication skills • Requires the ability to handle multiple tasks and prioritize effectively • Requires excellent PC skills and demonstrated proficiency with MS Office Suite • Requires excellent interpersonal skills and the ability to work effectively with others as a team • Proficient working knowledge within the following risk domains/technologies: (Change Management, IDS/IPS technologies, Firewall technologies, Network Architecture , Vulnerability Management , System/Access Administration, Key Management/Tokenization, Database and application security, Secure Software/Code Development, Physical and Environmental Security , Security Event Logging & Monitoring, Database/Application/Network Layer Secure Protocols)
Reference : Info Security Risk Analyst jobs

source http://cvwing.com/jobs/technology/info-security-risk-analyst_i2367