IT Risk Services Analyst Job Painted Post New York USA,IT/Tech

Location: Painted Post

Integrated Resources, Inc., is led by a seasoned team with combined decades in the industry. We deliver strategic workforce solutions that help you manage your talent and business more efficiently and effectively. Since launching in 1996, IRI has attracted, assembled and retained key employees who are experts in their fields. This has helped us expand into new sectors and steadily grow.

Job Description

Responsibilities:

· Work with project teams to provide Privacy Impact Assessments

· Conduct IT Risk Assessments on External Vendor’s system architecture and design to ensure the security requirements meets maturity levels

· Review third party RFP responses with security architects, and evaluate SSAE
16 SOC Type 2 reports and similar reports to identify key areas concerning security, risk and compliance

· Conduct training to project services resources on risk, security assessment process, and data privacy assessment process

· Assist with internal and external audits and assessments

· Assist with the development of programs to ensure compliance to regulatory requirements

· Perform other IT related assessments as assigned

Maintenance of Standards & Policies

· Contribute to the maintenance of IT Policies – Clean Desk Policy, AD Password Policy

· Create work instructions for evaluating requests against Standards & Policies

· Evaluate requests and applies the IT exception processes to these requests

· Clearly document and define risks and potential impacts and identify systems affected by the defined risk

Communication of IT Risk Services policies and standards

· Maintain and contribute to SharePoint sites regarding IT Risk content

· Create and/or coordinate training sessions as required

·
Monitoring IT Risk Services mailbox and respond to requests and customer inquiries

· Log and follow up on customer issues

·
Interact with other teams :
Global Information Security, Global Security, Cyber Security, and IT Teams as required

Disaster Recovery

· Track and assist with the completion and updating of Component Recovery Plans

· Communicate recommended business continuity preparations and controls, including deficiencies, to business units

· Approve restoration of Backup Data to DR sites

· Participate with internal audits and testing of Component and Disaster Recovery Plans

Monitoring & Reporting

· Provide summary and status reports regarding assessments and project status

· Summary reports exception requests and status

· Awareness of all risk-centric tools within the environment

CONDITIONS OF WORK: (Note any travel requirements or physical demands required. Also note if employee will be exposed to any hazardous conditions.)

· On call rotation may be required

· Occasional after hours and weekend work required

· Occasional travel between the business sites may be required

Qualifications:

· Bachelor’s degree preferred, with 3-5 years’ information
risk management experience preferred and/or advanced degree in related field

·
Educational, Licenses and Certificates.

·
CISSP certification or SANS certificates or certification preferred

· 3 + years’ experience working with project teams

· Understands risk and security processes and uses the knowledge to respond to customer inquiries

· Strong technical writing and oral communication skills

· Customer Focus

· Experience interacting with internal customers and vendors

· Organizational sensitivity with the ability to deliver a tough message to associates at all levels

· Possess a professional attitude and work ethic in addition to being well organized and efficient

· Strong computer skills, including operating systems and software with SharePoint experience a plus

· Ability to instill trust; high standards of integrity

· Flexibility and adaptability – adapts to changing priorities

· Self-starter – demonstrates personal initiative; high personal work standards

· Decisive evaluation of risk for applications and infrastructure required

· Requires reading of white papers, briefs, and attending seminars and training to maintain current in technology and IT risk issues and concerns

Qualifications