5+ years of experience
Employment Type: Full time
Job Category: Information Services
Senior Security Risk Analyst
(This job is no longer available)

Job Description

Senior Security Risk Analyst
Northbrook, IL

Prestigious Organization is seeking a Senior Information Security Risk Consultant who is responsible for identifying and securing the enterprise's information assets through contribution to the design, implementation, and maintenance of the risk assessment and variance programs. The incumbent will be able to provide transparency on information security risk and enable the business to make informed, risk-based decisions. This resource will determine the risk to the company, gather the appropriate subject matter experts to consult on possible solutions, manage each exception until remediated, and provide key stakeholders the necessary information to make informed business decisions. In addition, this resource will be expected to participate in extensive client interactions relating to technical, procedural, and documentation controls with a wide range of technology-based and business functions, will be able to drive problem resolution, and implement effective mechanisms to track and report on security risks. Certifications such as CISSP, GSEC, GIAC, CISA, CRISC, CISM, or CCNE are recommended.

Responsibilities include:

* Serve as a trusted cybersecurity advisor for the business through demonstration of a strategic understanding of the partner's business, mission and goals, and support business initiatives in a complex and evolving risk landscape.

* Ability to fully understand the business strategy and environment and align appropriate solutions to enable secure business practices and maintain competitive advantage.

* Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.

* Conduct business impact and/or risk assessment analysis and assist with recommendations and/or mitigation strategies to management through information security risk assessments and consultation with the business.

* Assist the Policy & Standards team in the development, implementation, and enforcement of standards and procedures to secure and protect Company assets.

* Research and evaluate emerging trends, threats and technologies both internal and external.

* Provide support to stakeholders on requirements for new and existing business/technology solutions to assure compliance to standards and governing policies and procedures.

* Report and communicate security compliance issues and recommendations.

* Champion the integration of security risk management activities into Company day-to-day processes.

* Assist in integrating information security services into the ATSV work intake and project management processes.

* Partner with all areas of the business, including internal auditors, legal, IT and business partners.

* Develop and improve KPIs, metrics, and trending for the risk management and consulting function.

* Respond to and assist with audits, assessments and compliance requests.

* Participate in and lead new projects as needed.

* Serve as client liaison as needed on matters pertaining to Risk Management.

* Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.

* Act as a subject matter expert for the organization's information asset protection policies and procedures, and information technology best practices.

* Develop and refine procedures and techniques used by the team.

* Other duties as assigned.

Job Qualifications


Education: College Degree or equivalent work experience; 5+ years work experience in security or risk management, project management, data protection

Certifications in area of specialty a plus. Examples include: CISSP, CSSLP, CISA, CISM, GIAC certs, CFE, CNP, CEH, etc.

Experience in the insurance and/or financial industries preferred

Demonstrated ability to participate in cross functional teams, including offsite, remote, and offshore resources

Ability to effectively communicate with technical and non-technical resources

Strong organizational skills

Self-directed, works with minimal guidance, and recognizes when guidance is needed

Proficient in Microsoft Office Suite (Word, Excel, Project, PowerPoint, Visio)

Demonstrated ability to stay abreast of evolving security technology such as cloud and mobile computing

Knowledge of PCI DSS, HIPAA, ISO, NIST, and IT Controls

Strong understanding of IT security best practices


Applicants must be eligible to work in the specified location