We are seeking two highly skilled Security Risk Assessors to join our Information Security team. The ideal candidates will be responsible for maintaining and executing a robust security risk assessment program, ensuring alignment with internal policies and external regulations. This role plays a vital part in identifying, evaluating, and mitigating risks to critical assets and third-party services.
Key Responsibilities:
* Maintain and enhance the Security Risk Assessment Framework, procedures, and workflows.
* Manage and update security questionnaires to ensure alignment with applicable policies, standards, and regulatory requirements.
* Conduct risk assessments for internal assets and third-party vendors.
* Evaluate inherent and residual risk across various systems and services.
* Produce technical written reports detailing assessment results, control gaps, non-compliance issues, and recommended remediation strategies.
* Communicate findings and control deficiencies clearly with asset and control owners.
* Perform periodic risk assessments in accordance with internal policies and procedures.
Required Skills & Experience:
* Proven experience conducting security risk assessments in enterprise environments.
* Strong understanding of security compliance frameworks (e.g., NIST, ISO 27001).
* Demonstrated ability to assess and report on third-party/vendor risks.
* Expertise in risk evaluation methodologies (e.g., calculating inherent vs. residual risk).
* Excellent technical writing and documentation skills.
* Experience communicating with both technical and non-technical stakeholders.
* Mandatory experience with NIST and RSA Archer platforms.
Preferred Qualifications:
* Bachelor’s degree in Information Security, Cybersecurity, or related field.
* Professional certifications such as CISSP, CISA, CRISC, or CISM.
* Familiarity with other governance, risk, and compliance (GRC) tools.