
Senior IT/IS Risk Analyst

Location : New York, NY
Job Type : Direct
Hours : Full Time
Required Years of Experience : 6+
Travel : No
Relocation : No

Job Description :

Veritas Partners has an immediate need for a Senior IT/IS Risk Analyst to join our team in the Manhattan, NY area! This is an exciting opportunity to continue honing your skills while working in a premier enterprise environment.


The successful candidate will perform complex risk assessments for applications, infrastructure, and business and technology vendors against a defined risk framework. Assessments are conducted either through a formalized risk assessment program or through other risk reporting activities (i.e., policy exceptions and risk acceptance). You will also provide primary support for vendor attestation documentation review, offer continued expertise and guidance on the company’s risks, and identify potential security gaps and/or flaws.



· Perform IT/IS risk assessments on the Bank’s applications and other assets

· Perform third-party due diligence on service providers from an IT and IS perspective, ensuring that their controls are adequate to protect the Bank’s data; this includes providing recommendations and evaluating management responses to ensure that remediation plans and tasks adequately address identified gaps

· Provide support to the IS/IT Application Risk Assessment Program by interfacing and facilitating assessment activities with Vendors

· Perform reviews and create reports on third-party assurance documents (e.g., SOC 1, SOC 2, etc.)

· Participate in controls testing to make sure controls are adequate; maintain the Risk and Control Self-Assessment framework within the department

· Review security assessments of new and existing third-party service providers and ensure they comply with regulatory and audit obligations, including review of controls (e.g., SSAE 18, SOC 1, SOC 2, penetration test, ISO 27001) and third-party attestation artifacts

· Contribute and participate in on-site or remote vendor audits that may require InfoSec/Cyber expertise



Required Qualifications :

· 6 years of Risk Management experience in areas of application infrastructure and vendor risk management, and a minimum of 4 years’ relevant work experience supporting IT/IS Risk vendor due diligence, required

· Bachelor’s degree required

· CISSP, CRISC, CISM, SANS or similar relevant certification preferred

· Strong communication, leadership, interpersonal and collaborative skills

· Experience with ISO 27001-2, NIST 800-53 or other controls framework and strong understanding of security certifications such as SOC1/SOC2, SSAE 16/18, ISO27000