IT Risk Analyst

Profile

The IT RISK ANALYST is an excellent communicator and well-rounded security generalist who leverages a long history of network and systems administration experience to evaluate internal and external risk factors.  The role is primarily focused on the operational aspects of mature Third-Party Risk Management (TPRM) and Cyber Risk Management Programs.

 

REPORTS TO:  Director, IT Security & Compliance

 

ESSENTIAL DUTIES AND RESPONSIBILITIES:

*Analyze network data flows and architectural documentation for security shortcomings and recommend compensating controls in accordance with applicable regulatory guidance and policies. *Responsible for implementing the security awareness program *Conducts initial and ongoing 3rd party cyber risk reviews, risk ranks vendors by criticality, and advises leadership on vendor risk decisions *Reviews and recommends compensating controls for security policy exception requests *Maintains a current understanding of the regulatory environment *Other duties as assigned

REQUIRED SKILLS AND COMPETENCIES:

*Highly skilled communicator *Experience with one or more log-aggregation / SEIM platform (e.g. ELK, Splunk, Rapid7 etc.) *Working knowledge of cloud, host, and network administration or auditing *Solid understanding of encryption fundamentals and their proper application *Conceptual knowledge of all infrastructure technologies and how data is processed/secured on each *Experience with vulnerability and patch management programs *Able to visualize the interconnection of systems and predict vital design decisions with inherent risk implications *Willingness to broaden skills

QUALIFICATIONS

EXPERIENCE AND EDUCATION:

*3+ years of IT-related support experience including knowledge of Risk Management practices *One or more of the following industry certifications is preferred: S+, CISA, CISSP, GSEC, GSNA, GCCC

Company info

DSW, Inc.
Website : http://www.dsw.com