IT Security Analyst

IT Security Analyst

Job Description

Imagination Software Technologies Inc is seeking a Global IT Security Analyst will work with peers in global information security (GIS) and across the Technology Division to ensure that InfoSec risks are properly identified, assessed, adjudicated, and communicated in support of the overall GIS Risk Management program.

The IT Security Analyst will report to the Executive Director of GIS Risk Management and will assist with the continuous improvement of the InfoSec Risk Management program, including maturation of assessment methods, supporting instrumentation, development and delivery of training to Technology Division peers, registration and tracking of InfoSec risks, implementation and operation of an information management system (e.g., a GRC solution) to support the function, and communicating InfoSec risks to be rolled up into company’s broader Enterprise Risk Management function.

Major Responsibilities

  • Work with peers in GIS, Architecture & Product Management, Execution & Engineering, Infrastructure & Operations, and IT Compliance & Controls to identify and adjudicate InfoSec risks.
  • Conduct tabletop, lightweight, and detailed risk assessments using company’s established InfoSec risk management method and instrumentation.
  • Collaboratively author and edit various risk-related documents, including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and exemptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities.
  • Work with GIS and Technology Division peers to define or refine Standard Operating Procedures (SOPs) to explicitly identify when to invoke company’s InfoSec Risk Adjudication Process.
  • Participate in and contribute to various working groups across the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc.

Skills & Abilities

  • Demonstrable knowledge of InfoSec risk management methods and practices.
  • Experience with recommending, implementing, or operating GRC solutions.
  • Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.).

Requirements

  • Objectively assess the impact, likelihood, velocity, and magnitude of identified risks.
  • Objectively advise on any number of technical controls that will mitigate risk will not imposing undue burden on those who must implement the controls.
  • Mediate differing perspectives on risks between a variety of Technology Division stakeholders.
  • Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers.
  • Rapidly analyze complex technical details.

Required Experience

  • Bachelor’s Degree.
  • Minimum of 5-7 years of experience at director or manager level in publicly traded companies or finance/technology industry operations; OR minimum 7-10 years as a consultant to such companies at a commensurate level.
  • Experience in at least three of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit.
  • Demonstrable knowledge of a broad range InfoSec technologies and practices.
  • Demonstrable, impeccable writing skills for technical, management, and executive audiences.

If you are currently pursuing career opportunities, please send a copy of your resume to jobs@iswtinc.com or give us a call at: (303) 495-2018.