Information Risk Analyst

About ACA:
 

ACA Group is the leading governance, risk, and compliance (GRC) advisor in financial services. We empower our clients to reimagine GRC and protect and grow their business. Our innovative approach integrates consulting, managed services, and our ComplianceAlpha technology platform with the specialized expertise of former regulators and practitioners and our deep understanding of the global regulatory landscape.

Position Summary:

The Information Risk Analyst is responsible for the monitoring of compliance with the information security policies and programs of ACA. This position handles third party risk management, internal control and data governance tasks based on established processes, and assists with incident response. This position needs to understand the security vision and work towards realizing it. This position is responsible for finding ways to apply new departmental ideas into their daily work. This position needs a self-starter who works to improve their own effectiveness as well as provides ad-hoc suggestions for broader improvements for our security architecture, specifically as it relates to the effectiveness of risk and governance. Execution of assigned tasks on time and on quality with oversight and assistance from others. 

Job Duties:
 

1.  Assists in the development and maintenance of Information Security governance requirements (e.g. policies and standards).
2. Assists in the design of and facilitates the execution for ongoing compliance monitoring controls.
3. Performs vendor due diligence by evaluating and assessing potential risks posed by third party vendors.
4. Ensures the proper handling of sensitive data and its compliance with established polices and applicable regulatory frameworks.
5. Helps improve and maintain a comprehensive data governance framework
6. Stays up to date on developments with relevant laws and regulations to ensure the organization remains compliant.
7. Assists in internal audits and communicates across the organization on items which may require remediation.
8. Recommends risk treatment options for technical projects or other initiatives.
9. Participates in incident response exercises.
10. Assists with the incident management of any discovered security incidents.
11. Assists with identifying gaps in IT controls and generating mitigation recommendations.
12. Helps system owners make informed risk-related decisions.
13. Assists with responding to customer and partner cybersecurity inquiries.
14. Assists with the research, review, development, and/or enhancement of IT security systems.
15. Performs ad-hoc work/special projects as necessary to support ACA on various client and internal initiatives. 

Required Education and Experience: 
 

1. Bachelor's Degree in related field or two years' of practical experience in related information security or audit role.
2. Knowledge of industry security concepts / frameworks and regulatory standards such as ISO-27001, NIST, COBIT PCI-DSS, GDPR, SOC2 and DORA.  

Preferred Education and Experience: 

1. Bachelor's Degree in related field
2. Four years' of practical experience in related information security or audit role
3. Relevant cybersecurity professional certification (e.g., CISA, CGRC, CRISC) 

Required Skills and Attributes :
 

1. Demonstrated professional integrity
2. Dependable, flexible, and adaptable to new ACA initiatives and changing client needs
3. Ability to work well in a fast-paced, small-team environment
4. Ability to work independently, multi-task and prioritize effectively
5. Ability to establish and maintain effective working relationships with colleagues and clients
6. Highly motivated and goal oriented; proactive in one's own education and career progression; volunteers for and shows initiative on both internal and external projects and tasks
7. Dedicated to upholding ACA's high-quality standards and customer service focus
8. Strong organizational and problem-solving skills with attention to detail
9. Strong oral and written communication skills 

What working at ACA offers:
 

We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. Our Total Rewards package includes medical coverage fully funded by ACA for employees and their family as well as access to Maternity & Fertility and Wellness programs. ACA also provides Personal Accident Insurance, Group Term Life Insurance, Employee Discount programs and Employee Resource Groups. You'll be granted time off for designated ACA Paid Holidays, Privilege Leave, Casual/Sick Leave, and other leaves of absence to support your physical, financial, and emotional well-being.

What we commit to:
 

ACA is firmly committed to a policy of nondiscrimination, which applies to recruiting, hiring, placement, promotions, training, discipline, terminations, layoffs, transfers, leaves of absence, compensation and all other terms and conditions of employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected status.