Information Security Risk Assessor

**Responsibilities**:
**What will you contribute?**

**ESSENTIAL DUTIES AND RESPONSIBILITIES**

As an Information Security Risk Assessor, your deliverables will include, but are not limited to, the following:

- Assist with development and implementation of the information security risk assessment strategy, methodology, and process
- Assist with planning and execution of the annual security control risk assessment schedule
- Identify, evaluate and assist with security control recommendations to mitigate information security risks
- Evaluate and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies
- Ensure that risk treatment plans are in place and tracked for findings identified during risk assessments, audits, and regulatory examinations.
- Document information security risk and compliance findings, recommendations and risk treatment plans in written reports for senior level management
- Independently facilitate meetings and discussions with senior level management and staff to understand and document processes and systems
- Provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy
- Support the third-party security vendor risk management program and lifecycle

**QUALIFICATIONS REQUIRED**
**Knowledge / Skills**
- Be a self-starter and an output-driven team player with experience in fast-paced environments.
- Track and manage numerous parallel activities.
- Work efficiently and independently with mínimal supervision (i.e., self-motivated and willing to stretch to meet important deadlines).
- Thrive in a fast-paced and dynamic environment.
- Build and maintain constructive working relationships across the enterprise at all levels.
- Effectively communicate in both written and verbal manner to influence both technical and non-technical audiences.
- Earn the trust and respect of colleagues both in and outside of the Information Security team.
- Working knowledge of the financial industry a plus.
- Strong analytical skills.
- Strong project management skills.
- Excellent written and oral communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment.
- Exceptional Microsoft Office ability - especially Excel and PowerPoint with Power BI a Plus.

**Experience**
- Minimum of 5+ years of information security experience in any combination of risk management, information security or information technology
- Experience across various security, compliance, regulatory and common control frameworks (NIST CSF/SPs, ISO, FFIEC, SWIFT, PCI, GDPR, SOX, etc.) and risk frameworks/methodologies (NIST RMF, FFIEC CAT, OCTAVE, FAIR, COSO, etc.) as they relate to the banking, technology, and software industry
- Experience with tools and technologies used to manage information security program governance, such as eGRC tooling/software
- Experience with specific security tool/processes including security monitoring, vulnerability assessment, Intrusion detection/prevention, proxy servers, data loss prevention, anti-malware/virus, etc. is strongly preferred
- Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, technology resiliency, governance and metrics, incident management, vulnerability management, and data protection

**Education / Certifications**
- Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Information Systems, or a related field or discipline is preferred but not required.
- Industry certifications in the areas of Information Security a plus.