Friday, March 15, 2019

Sr Information Security Risk Analyst

Job Title:          Sr Information Security Risk Analyst
Duration:          6 Months (could go contract to hire)
Location:          Pasadena, CA
Start:                 ASAP
Pay Rate/Hr:    $65 - $85/hr (may be flexible for the right person)

Our client is looking for a highly technical information security risk analyst focused on methodically managing risk within the company. You will be responsible for evaluating and documenting control implementation with regard to FedRAMP and ISO 27001 requirements, assisting with internal security reviews, and working with internal teams to address compliance and audit issues.

Job Duties Include:
Participate in evaluating SaaS-based Platform & Service offerings against the FedRAMP Moderate control baseline and provide support for on-going compliance testing and reporting.
Participate in Internal audits of Corporate Systems and Third-Party Vendor Services.
Routinely analyze and report on the state of key controls reviewed as part of the Continuous Monitoring Plan (ConMon).
Ensure compliance with risk-based governmental and industry standards and security compliance frameworks such as FISMA, FedRAMP, ISO 27001, BSI C5, and SSAE 16 SOC 2 Type II.
Assist in tracking Corrective Action Plans (CAPs) and Plans of Action and Milestones (POA&Ms) towards remediation.
Provide support for corporate information security, compliance & risk management projects and processes.
Enhance existing processes via process engineering and workflow automation.

Required Qualifications:
Deep knowledge of NIST SP 800-53 rev 4, Moderate Impact Systems and FedRAMP-Defined Assignment and Selection Parameters and control testing.
Deep knowledge of ISO-27001 standards and control testing.
Experience applying general security and risk management concepts to a globally deployed cloud-based SaaS platform.
Experience with managing and supporting an Enterprise Risk Management Lifecycle, Processes and Procedures.
Experience with managing risks associated with Third-Party Vendor Cloud Service integrations.
Experience with participating in Disaster Recovery Planning and Management in an Information Security, Compliance or Risk Management supporting role.
Experience in preparing and managing compliance auditing workpapers such as document request lists, standard test cases and audit test plans.
Ability to articulate compliance standards and specifications to technical and non-technical audiences to assist in the design of technical controls to meet regulatory requirements.
U.S. Citizenship is required.

Preferred Qualifications:
Ability to work and effectively prioritize in a highly dynamic work environment.
Experience using Atlassian Jira for team workload assignment and prioritization.
Experience balancing multiple Key Priority Initiatives (KPIs) and workload assignments through Scrum or Kanban project management.
Experience using SumoLogic or similar solutions for Security Audit and Compliance Analysis and management reporting.
Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM.
CISSP, CISM, CRISC, CISA or ISO Lead Implementor Certification.

Andy Ballantyne
Sr Technical Recruiter
800-732-4680 x709