Vacancy expired!
We have an exciting opportunity for a Risk and Security Analyst with our industry-leading client in Cambridge, MA.
We will accept corp to corp or w2 contractors. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.
Responsibilities:
- Provide professional and technical information assurance and security expertise to support the design, implementation and operation of enterprise governance, risk and compliance (GRC).
- Write Policies and related supporting documentation, such as standards and procedures
- Help develop processes to support GRC business needs using tools to automate these processes.
- Contribute to the enhancement/refinement of the Information Security Risks & Controls library
- Assist with the development and implementation of controls in alignment with NIST standards: Assist in implementation of Common Controls in the GRC tool and subsequent ongoing authorization and continuous monitoring
- Assist IT System Owners and Control Owners in attestation and assurance processes
- Plan and perform user acceptance testing (UAT) of GRC tool enhancements identifying issues and providing recommendations for resolution, communicating system changes to end users
- Perform information security risk and control assessments and report on information security risks and recommend mitigation strategies; document and monitor information security remediation and control improvements
- Support the continuous improvement of Information Security Policies, Standards, Processes, and Procedures
- A minimum of 5-7 years' experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
- Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
- Proven experience with control monitoring principles and practices.
- Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR)
- Direct experience in cybersecurity risk analysis and related security products/systems (ServiceNow GRC strongly preferred)
- Demonstrable knowledge of information security standards, data security practices and procedures, network security, application security, and database security
- Understanding the impact of various data protection and integrity controls, operating systems and network security controls, authentication controls, and security protocols
- Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside to make appropriate assessments and decisions.
- Excellent analytical and problem-solving skills
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- Strong communication skills and ability to convey complex concepts in simplified terms.
- Flexible and able to adapt quickly to changing technology
- Open and able to apply original and innovative thinking to produce new ideas and create innovative approaches to information security oversight and compliance.
- Experience with development and implementation of information security awareness and education programs.
- Strong knowledge of Microsoft Office product suite, and corporate business applications including Skype and SharePoint
- Comfortable working independently and collaboratively to achieve business outcomes
- Biotech and IT experience preferred