Information security Analyst
Charlotte, NC. Posted 09-10-18
Responsible for supporting the Business Information Security Officers in all aspects of the Cybersecurity program in support of Technology line of businesses. This position requires strong Risk and controls background, remediation governance, risk tracking, risk partner relationship management and business-focused risk remediation guidance.
Partner with business and technology to complete their IT risk control agenda, leveraging internal resources and processes as appropriate. Partner with the rest of the Cybersecurity organization to ensure program consistency, develop information security risk strategies, implement action plans, and recommend policy and procedural changes for risk avoidance and mitigation. Provide subject matter expertise, guidance and direction into Information Technology policy, standards and controls and IT Risk programs. Provide subject matter consulting for ad hoc guidance requests involving IT risk. Communicate the practical implications of IT risk treatment decisions to business and technology individuals. Track risk mitigation activities to ensure accurate and appropriate reporting to ensure that leadership is informed in a timely manner.
3-6 years" experience working within the information security, IT Risk or audit fields 2-4 years" experience in the financial services industry, in a role specific to risk management, audit or information security. Excellent verbal and written communication skills enabling candidate to prepare and present to all areas of the business, including senior management Knowledge of industry-recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS, FFIEC. Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns. Strong client relationship and leadership skills. Highly self-motivated/works independently. Strong organization skills. Detail-oriented, committed to quality. CISA, CISSP, CRISC certifications a plus. BA/BS or equivalent combination of work experience and professional certifications.