Information Security Analyst 2

Sunrise Systems Inc

Salem, OR

JOB DETAILS
SKILLS
Analysis Skills, Apparel Industry, Apparel Manufacturing, Atlassian JIRA, Auditing, Best Practices, Business Processes, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Channel Strategies, Cloud Computing, Committee of Sponsoring Organizations of the Treadway Commission (COSO), Communication Skills, Computer Science, Computer Security, Consulting, Control Objectives for Information and related Technology (COBIT), Cross-Functional, Data Analysis, Data Quality, Data Recovery, Data Sets, Documentation, GIAC - Global Information Assurance Certification, ISO (International Organization for Standardization), Identity Data Management, Information/Data Security (InfoSec), Internet Security, Legal, Metrics, Microsoft Excel, Microsoft Office, Microsoft PowerPoint, Network Security, Persuasion Skills, Presentation/Verbal Skills, Problem Solving Skills, Process Development, Process Improvement, Regulatory Compliance, Retail, Risk, Risk Analysis, Risk Management, Security Analysis, Security Architecture, Security Software, ServiceNow, Software Development, Standup Meetings, Stewardship, Strategic Planning, Supply Chain, Systems Administration/Management, Systems Analysis, U.S. National Institute of Standards and Technology (NIST), Validation Testing, Vendor/Supplier Evaluation, Vendor/Supplier Management, Vendor/Supplier Selection, Writing Skills
LOCATION
Salem, OR
POSTED
4 days ago
Our client, a leading athletic footwear and apparel manufacturing company, is looking for a Information Security Analyst 2. This is for an initial duration of 08 months and is located at Beaverton, OR.
 
Job Title: Information Security Analyst 2
Reference ID:  26-03235
Location: Beaverton, OR.
Duration: 08 months
Job Type: Contract (Candidates must be able to work on W2 without VISA sponsorship)

 
 
Senior Information Security Analyst – Information Risk Management
  • CRISC, CISSP certifications preferred, not required
  • 2-5 years' minimum experience required in tech, cybersecurity, risk management, or similar role

Top must have skills include the following:
  • Third party risk assessment
  • Auditing
  • ServiceNow experience
  • JIRA
  • Microsoft Office Suite

Desired soft skills:
  • Adaptable
  • Willingness to learn
  • Effective communication skills
  • Ability to translate deep technical concepts to nontechnical audiences

Skills that would make a candidate stand out:
  • Experience directly in risk management
  • Understanding of retail/supply chain
  • Passion for sport

Who Are We Looking For?
  • We're looking for a Senior Information Security Analyst to join the Information Risk Management (IRM) team within Corporate Information Security (CIS). This role will deliver against an information security and cybersecurity assessment plan integrated into a broader enterprise risk management program supported by executive management.
  • You will leverage your knowledge of security policies, standards, controls, and industry best practices to perform risk assessments of Client systems and systems managed for by vendors. Our ideal candidate has superb communication skills, strong analytical and problem-solving ability, intellectual curiosity, and experience translating complex security risks for both technical and non-technical audiences.

What Will You Work On?
  • This role works with the Information Risk Management team to identify, assess, and elevate visibility to information security risks across technology landscape. Key responsibilities include:
  • Vendor Information Risk Assessments
  • Perform formal risk assessments on partner and vendor connections, evaluating vendor processes at the point of engagement with Client.
  • Ensure sufficient validation of data sharing arrangements and agreements to protect sensitive information.
  • Confirm business objectives align with the type and volume of data used, maintaining a "need to know/use " mindset.
  • Review third-party SOC reports and vendor security documentation as part of assessment activities.
  • Help establish risk and remediation ownership for identified vendor-related risks and document findings in the Risk Register.

Security Controls Baseline Assessments
  • Assess moderately complex platforms and systems against security and configuration standards.
  • Evaluate and process exceptions to information security policies and standards.
  • Perform compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems.
  • Consult with technology units on IT general controls (ITGCs) and compliance matters.
  • Champion information security policies, standards, controls, and processes so compliance requirements are addressed as part of business-as-usual operations.

Internal Risk Assessments
  • Identify, document, and elevate visibility to information risk where business direction creates potential exposure to employee, athlete, and product sensitive data streams.
  • Identify and profile systems and processes that require risk assessments; scope specific assessments accordingly.
  • Perform detailed analysis of threats and vulnerabilities across information security domains including network security, asset security, security engineering, identity and access management, security operations, and software development security.
  • Review key system configurations and complex IT infrastructures (e.g., cloud services).
  • Communicate effectively through risk reports, presentations, and stakeholder interactions to drive remediation of identified risks.

Data Analysis and Other Projects
  • Support vendor risk management metrics, reporting, and master data stewardship to improve accuracy, timeliness, and completeness.
  • Provide analysis and insights into data supporting the effectiveness of technical and process-based cybersecurity controls.
  • Collaborate on process improvements for data retrieval, analysis, and risk assessment intake.
  • Contribute to IRM team projects and strategic initiatives as assigned, including documentation in ServiceNow (SNOW) and Box.
  • Support the risk analysis intake process and participate in daily standups and weekly process meetings.
  • General Responsibilities
  • Execute targeted internal and external (vendor) risk assessments in support of IRM strategy, following established team processes and enablers.
  • Be proactive in anticipating next steps in the risk assessment process and take action accordingly.
  • Collaborate with team members on assessment approach, scoping, documentation, and issue presentation activities.
  • Serve as an information security and CIS ambassador to lines of business and management.
  • Provide enforcement of security policies, standards, and procedures by working cross-functionally with Compliance and Governance functions.
  • Stay current on information security technologies, trends, standards, best practices, and emerging threats and vulnerabilities.

Who Will You Work With?
  • This role reports to the Director of Information Risk Management within Corporate Information Security (CIS). You will build strong partnerships with the IRM team, CIS, business and technology process owners, and various governance and legal functions (e.g., Audit and Privacy). You will work cross-functionally across at World Headquarters and globally.

What You Bring:
  • Bachelor's degree in Business Information Management, Computer Science, or a related field, OR relevant experience in lieu of a degree.
  • 5+ years of experience in information security, risk management, GRC, or a related field.
  • Knowledge of information security principles and practices, best practice security architectures, general procedures, and guidelines.
  • Knowledge of information security frameworks and best practices (e.g., NIST, ISO 27000, COBIT, COSO).
  • Experience performing vendor/third-party risk assessments and internal information security risk assessments.
  • Experience assessing systems against security standards and performing control validation or baseline assessments.
  • Experience reviewing third-party SOC reports preferred.
  • A general understanding of technology use, trends, and risks as they apply in a business context and environment.
  • Strong analytical and problem-solving skills with experience identifying solutions for complex problems in enterprise environments.
  • Superb communication skills (written and verbal) with comfort and experience in presentation delivery and proven persuasion skills.
  • The ability to appropriately communicate complex security risks to non-technical staff.
  • Experience with ServiceNow, Confluence, or Jira preferred.
  • Advanced knowledge of Excel and PowerPoint; experience organizing and analyzing large datasets preferred.
  • CISSP, CISM, CRISC, or relevant GIAC Management Focus Area certifications preferred.
  • Must be trustworthy in keeping sensitive data confidential.
  • Demonstrated desire for continual learning and improvement.
 
 
Interested and Qualified candidates, please send your most recently updated word document resume to

Jaffer.s@sunrisesys.com

.
 
 

About the Company

S

Sunrise Systems Inc

Sunrise Systems was founded in 1990 with a clear vision to deliver world-class staffing service solutions in all labor categories, including IT consulting and solutions; all with the commitment to provide service that exceeds expectations and become the most trusted name in the industry. More than two and a half decades later, we pride ourselves on being at the forefront of the staffing industry. Combining our deep industry expertise, insights, and global resources, we have partnered with our clients to connect them with top professionals across several different industries.

We provide cost-effective Managed Staffing Solutions, Information Technology and Information Technology Consulting Services to several Fortune 500 companies and U.S. Government agencies. We provide our clients with flexible engagement models and customized products that are budget and time specific. Understanding the challenges that every business faces, we offer our services either on-site at the clients' site or from one of our globally distributed technology centers. Our onshore and offshore development capabilities ensure that we excel at meeting customer requirements every single time.

Our collective business experience spans over two and a half decades and ranges from:

  • Business, management, and technical fields
  • Information technology consulting and software solutions.
  • Providing strategic support for the development and long-term growth of new business ventures across several industries including but not limited to; accounting, banking, finance, and recruitment.
  • Motivating technology staff and establishing partnerships with Fortune 500 companies

Sunrise Systems has a vast range of competence in:

  • Design, development, and support of cloud-based solutions from simple to highly complexed
  • Database administration of multi-platform applications, complex databases, and web-based environments that include all aspects of installation, planning, maintenance, and monitoring.
  • Data processing and data migration
  • Application re-engineering and platform migration
  • Working with the Information Systems and end-user communities at all levels to resolve issues and establish consensus.
COMPANY SIZE
100 to 499 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
1990
WEBSITE
http://www.sunrisesys.com/