Lead IT Risk Analyst

22591 : Lead Security Analyst (IT Risk) Our client is a discount retail powerhouse based in the East Bay. They are dedicated to continuously improving the technologies used to make their business more efficient. In support of this effort, they have a need for a Lead IT Risk Analyst, This position is a contract and will be based out of their Dublin, CA office. 100% remote work is offered. Responsibilities: The Lead IT Risk Analyst is the senior member of the IT Risk Management group responsible for leading and executing IT risk management and governance processes within the organization. This includes performing risk assessments, tracking mitigation efforts and developing risk metrics and risk reports. This position is also responsible for leading security risk related projects and enhancing programs, such as third party risk assessments, insider threat management, updating security policies and standards and executing security awareness programs. ESSENTIAL FUNCTIONS: Provides subject matter expertise in all aspects of risk management including performing risk assessments to proactively identify current and future security issues/vulnerabilities and recommend remediation strategies. Leads insider risk programs by identifying improvements and establishing supporting processes across the enterprise. Identifies and implements improvements to enhance the IT Risk Management program through optimization of processes, solutions, policies, procedures KPIs and other techniques. Performs third party risk management and reviews of contracts and agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of company assets. Develops standards to support vendor selection and RFP process and participates in product and vendor selection process to provide subject matter expertise on Information security risk and compliance. Maintains risk register and develops IT Risk Management metrics and reports. Collaborates with IT Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to gather and analyze metrics. Leads information security awareness programs by regularly conducting exercise to educate employees of information security and best practices. Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy. QUALIFICATIONS: Five years of experience within Information Technology with at least 3 in Security and/or Risk Management. Strong understanding of security governance, compliance, and risk management principles PREFERRED QUALIFICATIONS: CISSP (Certified Information Systems Security Professional) CRISC (Certified in Risk and Information Systems Control (CRISC) Working knowledge of UNIX and Windows Firewalls, VPN, PKI, IPS Oracle, MS SQL Virtualization Security Position logistics:

• Must be currently authorized to work in the US
• 6-12 months contract
• Position location: Dublin, CA