This job was posted by https://okjobmatch.com : For more information,
please see: https://okjobmatch.com/jobs/3074448
Risk Analyst
College Board - Risk Management
Location This is a fully remote role. Candidates who live near CB
offices have the option of being fully remote or hybrid (Tuesday and
Wednesday in office).
Type: This is a full-time position
About the Team
The Information Security Governance Risk and Compliance (ISGRC) team at
the College Board checks and certifies the College Board's Information
Security Programs. Our mission is to provide our stakeholders with
meaningful insights that continuously improve the risk posture across
the organization.
ISGRC partners work with business leads to perform necessary security
reviews of policies, systems, contracts, and vendors to better
understand and manage risk. The team also manages security policies,
security awareness training, and industry-recognized certifications (ISO
27001, SOC2 and PCI-DSS).
About the Opportunity
As a Security Risk Analyst, you will have the critical role of being
responsible for evaluating and managing exceptions to IT security
policies, for managing the Organization's Risk and Control Issues
Register (Risk Register), and for developing reports and metrics.
Your strong technical communication and negotiation skills will help you
build relationships and collaborate with diverse stakeholders and reduce
risk to the organization and ensure compliance.
Under the direction of management, you will manage the Risk Register and
process security policy exceptions to help the College Board understand
its critical risks.
In this role you will:
Manage the Risk Register (20%)
- Leads the management of the issues and risks and quickly escalates
any untimely completion of audit actions.
- Works independently to communicate risks and works with others to
problem-solve risks to tolerance levels based on data and evidence.
- Maintains data quality of Risk Register and executes any required
data clean-up exercises.
- Understands College Board work to be able to drive Risk or Control
Owners to ensure consistent application of policies and standards.
- Raises awareness about Risk & Control Issues, Policy exceptions, and
available risk reduction options.
- Fosters a culture of risk awareness and compliance within the
technology department and across the organization.
Manage Policy Exceptions (65%)
- Independently analyzes policy exception submissions and provides risk
  assessment reports for critical service lines, applications, and
  infrastructure hosted on-prem and in the cloud.
- Evaluates and manages exceptions to IT security policies.
- Manages materials for the Exception Review Board and presents
  exception information to executive leadership and senior team
  members.
- Maintains an up-to-date knowledge and understanding of IT security
policies and principles.
- Maintains a customer-focused attitude in all interactions with
customers and colleagues.
Manage Metrics and Reporting (15%)
- Provides weekly and monthly reporting for the Risk Register and
policy exceptions.
- Produces trending metrics and escalates exceptions.
- Performs other duties as assigned.
About You
- 5-7 years of experience managing or supporting IT Security Risk and
Control Risk Register and processing policy exceptions.
- Strong understanding of risk management techniques such as: risk
identification, risk scoring, risk mitigation, and risk tracking.
- The proven ability to lead conversations balancing risk and multiple
business needs that result in positive outcomes with multiple
stakeholders.
- The capacity to assess risk information and make risk
recommendations independently.
- Strong organization and prioritization skills and the proven ability
  to manage multiple tasks simultaneously, both independently and as a
  member of the team.
- 7-10 years of experience in information security; governance, risk,
and compliance; and/or information technology projects.
- Excellent verbal and written communication skills.
- Experience with governance, risk, and compliance tools (e.g., RSAM,
RSA Archer) preferred.
- Experience with information security and privacy frameworks such as
ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc.
- Current Information Security Certification (e.g., CISSP, CRISC,
CISM, CISA, or related security certification) preferred or the
ability to attain one within 6 months of hire.
- Bachelor's degree in computer science, cybersecurity, engineering,
  IT management or four years equivalent IT and security industry
  experience.
- For remote positions, ability to travel 4 times a year to our
Reston, VA office.
- Authorization to work for any employer in the USA
About Our Process