Posted

30+ days ago

Location

Columbia, SC

Description

DPP is seeking candidates for the role of Senior Information Security Risk Analyst with our client in the financial industry in Columbia, SC.
 
The role of the Senior Information Security Risk Analyst:
  • Identify, investigate, analyze, and recommend information security guidance to ensure bank assets and processes maintain confidentiality, integrity and availability, while assessing against all applicable regulations, industry standards, and bank policies, directives, and standards.
  • Perform comprehensive information security risk assessments that evaluate inherent risk, plan controls and safeguards, and ensure alignment of residual risk and risk appetite.
  • Evaluate technology and business projects, business requirements, and recommend security controls to ensure effective information security and compliance with enterprise standards.
  • Communicate information security risk issues and control gaps through security governance processes. 
What you will be responsible for:
  • Foster a culture of collaboration and responsible risk management through the definition and adherence to appropriate risk appetites, control frameworks, policies and directives
  • Serve as Information Security subject matter expert for business line projects and participate in the development, implementation, and maintenance of information security for the bank
  • Assist with enterprise information security risk deliverables and collaborate with risk partners on information security priorities
  • Perform Information Security Risk Assessments; decompose complex risk issues and gain business line consensus on risk level and risk response to include acceptance and mitigation of risks, and establish and communicate residual levels
  • Identify and evaluate complex technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
  • Perform pre- and post-contract risk assessments, as well as ongoing service and compliance monitoring to ensure the continued adherence to applicable industry regulations and standards, and Client Policies and Directives
  • Maintain information security by monitoring and ensuring compliance to policies, directives, and standards; contribute to developing and conducting training
  • Risk Metrics: (Understanding the difference between KPIs and KRIs) Analyze data to produce specific, measurable, actionable, relevant, time-bound metrics for Senior and Executive Management
  • Monitor information security trends internal and external to the bank and keep business lines informed about information security related issues 
What you will need:
  • A degree in Information Assurance, Information Systems, Risk Management, Auditing, Computer Science or related field, or the equivalent in education and work experience
  • Minimum of 8 years of experience in the Information Security field, with at least 3 years of information security risk management and/or operational risk, developing and executing information security risk assessments using industry standard approaches, methodologies, and frameworks (e.g., NIST, Financial Services Regulations)
  • CISSP, CISM, CISA, CRISC, or equivalent industry recognized certification preferred
  • Strong application development and/or application security background, with solid knowledge of the SDLC from design, testing, and deployment to post-production, and of the different risk elements associated with each step
  • Expert knowledge of, and demonstrable experience in, application security, vulnerability testing, and development of risk appetite, as well as significant experience evaluating cyber security controls
  • Strong awareness and experience with industry risk analysis approaches (ISO, COBIT, COSO) as well as all industry regulations and standards (SOX, GLBA, FFIEC, OCC, HIPAA, PCI Agency, NIST, OWASP)
  • Have the ability to interact with business stakeholders and technical personnel at all levels; experience organizing, participating and executing critical time sensitive projects; experience interacting with project managers, vendors, architects, technical experts and management
  • Ability to work effectively with limited supervision with business and technical personnel at all levels of the organization
  • Effective at managing personal time and effort across multiple concurrent project assignments
  • Contribute knowledge and recommendations for risk-based assessments on emerging technologies, vulnerabilities, threats, and associated risks
  • Gain knowledge of the various aspects of the company’s lines of business to better understand the impact of potential technology risks
About our client:
Our client provides financing, as well as a range of technology and other services, to a network of agricultural lenders in the United States and Puerto Rico. Located in Columbia, SC, our client is committed to providing a comfortable, inclusive work environment. They believe in investing in their employees so they can help lead our $35 billion company into the future. If you are looking to fuel your professional development and gain exposure in the field of Information Security, apply today!
 
Interested? Learn more:
Click the apply button or contact our recruiter Tyler King at (803) 978-1995 to learn more about this position (21-00192).
 
DPP offers a range of compensation and benefits packages to our employees and their eligible dependents. Call today to learn more about working with DPP.
 
Authorized US Worker - US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor at this time. EOE/AA/V/D