Hi,
We have an urgent C2H opening for Senior Risk Analyst – Day 01 Onsite in Cincinnati, OH. Our client is looking to fill this role immediately.
If you are interested in this role, please share the updated resume, filled skill matrix, consultant details, visa, and DL copy ASAP.
Skills
Skill Matrix:
- Overall experience
- Total years of work experience in the US
- Experience as Senior Risk Analyst
- Risk Management
- Experience in Cyber-Security / Technology / Information security
- Security Controls frameworks (CobiT, ISO 27001, NIST, NIST CSF, PCI DSS, RMF)
- Privacy regulations (GDPR, CPRA, NIS, NIS2, CPA)
- Governance-Risk-Compliance (GRC) (OneTrust, Archer, Xacta)
- Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX)
- GT Risk Management
- GT and corporate processes (M&A, JV, Projects, and 3rd Party/Vendor Management)
Consultant Details
Criteria
- Full Name
- Primary Phone
- Primary Email
- Education Details – Graduation
- Education Details – Master’s
- Certification if any
- LinkedIn Profile
- US work authorization and expiration
- Passport Number
- Expected pay rate/hr on W2
- Expected pay rate/hr on 1099
- Current Company Name
- Current location (City/State)
- Willing to relocate (yes/No)
- Availability to join new project/ Notice period
- Have you ever worked or interviewed for this client in the past?
- If yes, as a consultant or as an employee?
- Last 5 digits of Social Security Number
- Birth month and day (NOT YEAR)
Position: Senior Risk Analyst
Location: Day 01 Onsite in Cincinnati, OH
Contract type: CTH
Job Description
- Participate in ongoing reviews of the global company's Risk Management Program.
- Contribute to strategic plans supporting program objectives and alignment of technology risk activities across the company. Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.
- Assist in delivering GT Risk Management programs to mitigate technology-related risks.
- Contribute to program governance and processes for identifying, assessing, and responding to risks.
- Collaborate with other GT and corporate processes (M&A, JV, Projects, and 3rd Party/Vendor Management).
- Maintain risk assessment methodologies, processes, artifacts, and training.
- Lead or manage assessments and remediation efforts, tracking progress and reporting on security control gaps.
- Analyze risk/control information to formulate recommendations, metrics, and reports for management decision-making.
- Ability to analyze and aggregate risk across a complex organization and articulate risk clearly.
- Register GT risks, work with risk owners on risk treatment, and monitor risk treatment, response, and mitigation with risk owners. Weight business needs against security concerns and articulate issues and options to management.
- Present risk register and treatment plans to stakeholders on a regular basis.
- Enhance collection and maintenance of OneTrust risk register information.
- Work cross-functionally to improve workflow and collect required risk profile data.
- Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.
- Ensure proper documentation of technology assessment results, and monitor remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.
- Support the Business Technology Disaster Recovery process.
- Support the resolution of Internal Audit, Compliance, Risk Management, Regulatory related issues that could impact the confidentiality, availability, or integrity of data or processes.
What You’ll Need
- Five to Ten (5-10) years direct experience in a Risk Analyst role is required.
- A bachelor's or master’s degree in computer science, Cyber-Security or in a technology/information security-related field is preferred and can substitute degree in lieu of some actual experience.
- Experience with Security Controls frameworks (e.g., CobiT, ISO 27001, NIST, NIST CSF, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g., GDPR, CPRA, NIS, NIS2, CPA, etc.).
- Experience with a Governance-Risk-Compliance (GRC) software suite (OneTrust, Archer, Xacta, etc.) is required; prefer direct experience with OneTrust.
- Must be able to demonstrate a strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX) is required; prefer multiple framework experience vs single framework experience.
- Strong leadership, critical thinking and collaboration skills required.
- Attention to detail is a critical success factor for this role.
- Ability to influence peers, colleagues, and managers across business and divisional lines to take action on complex, technical or sensitive topics with company-wide impact.
- Must be analytical and possess the ability to interpret and apply policies and regulations across a large, complex business.
- Able to work effectively in an environment characterized by multi-tasking, fast-paced, led by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills). Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff, across IT and business.
- Strong technical information security knowledge to assess various information security and risk management processes and tools.
- Any “one” certification in; CISSP, CRISC, CISA, CASP, CYSA, ISA, or Security+ CE is preferred.
#J-18808-Ljbffr
