Senior IT/IS Risk Analyst
Veritas Partners has an immediate need for a Senior IT/IS Risk Analyst to join our team in the Manhattan, NY area! This is an exciting opportunity for a Senior IT Risk Analyst to continue to hone your skills while working in a premier enterprise environment.
The successful candidate will perform complex risk assessments for applications, infrastructure, business and technology vendors against a defined risk framework. Assessments are conducted either through a formalized risk assessment program, or through other risk reporting activities (i.e. policy exceptions & risk acceptance). You will also provide primary support for vendor attestation documentation review while also providing continued expertise and guidance on the company’s risks and identifying potential security gaps and/or flaws.
· Perform IT/IS risk assessments on Bank’s applications and other assets
· Perform third-party due diligence on service providers from an IT and IS perspective, ensuring that their controls are adequate to protect the Bank’s data; this includes providing recommendations and evaluating management responses to ensure that remediation plans and tasks adequately address identified gaps
· Provide support to the IS/IT Application Risk Assessment Program by interfacing and facilitating assessment activities with Vendors
· Perform reviews and create reports on third-party assurance documents (e.g., SOC 1, SOC 2, etc.)
· Participate in controls testing to make sure controls are adequate; maintain the Risk and Control Self-Assessment framework within the department
· Review security assessments of new and existing third-party service providers and ensure they comply with regulatory and audit obligations, including review of controls (e.g., SSAE 18/SOC 1/SOC 2/penetration test/ISO 27001) and third-party attestation artifacts
· Contribute and participate in on-site or remote vendor audits that may require InfoSec/Cyber expertise
· 6 years of Risk Management experience in the areas of application infrastructure and vendor risk management, and a minimum of 4 years’ relevant work experience supporting IT/IS Risk vendor due diligence, required
· Bachelor’s degree required
· CISSP, CRISC, CISM, SANS or similar relevant certification preferred
· Strong communication, leadership, interpersonal and collaborative skills
· Experience with ISO 27001-2, NIST 800-53 or another controls framework, and a strong understanding of security certifications such as SOC 1/SOC 2, SSAE 16/18 and ISO 27000