Information Security Risk Analyst

The Information Security Risk Analyst role is responsible for critical assessment, analysis, and support necessary to maintain the Information and Cyber Security Program.

• Conduct comprehensive risk assessments to identify and evaluate potential threats and vulnerabilities to information systems, assets, programs, and practices
• Analyze controls for weaknesses in security, business resiliency, data protection, privacy, and compliance frameworks
• Leverages quantitative analysis and qualitative narrative to thoroughly document and report all identified risks and gaps to Information Security leadership
• Conduct Information and Cyber Security due diligence to support the Third-Party Risk Management program
• Support Information Security leadership with facilitation of program management efforts including but not limited to risk register maintenance, issue management, security awareness, vulnerability management, policies, procedures, metrics and reporting
• Interface and collaborate with internal stakeholders and external auditors as necessary to support the Information Security Program and other critical business efforts
• Perform horizon scanning and stay up to date with regulatory changes, emerging threats, vulnerabilities, security standards and best practices
• Participates in and support incident response activities as necessary
• Perform other duties as assigned

Required Experience:

• Bachelor's degree in cyber security, information technology, business, or finance, or equivalent industry experience. Professional certifications such as ISC2 Certified in Governance Risk & Compliance (CGRC), ISC2 Systems Security Certified Practitioner (SSCP), Comp TIA Security+
• 2-3 years of Information Security risk management or audit experience. Experience and understanding of regulatory requirements and laws, including but not limited to; GLBA, HIPAA, PCI, GDPR, and TDPSA. Experience with security and control framework including but not limited to; NIST, CIS, CSA, SSAE10 SOC2, and HITRUST
• Preferred experience with vulnerability management, security awareness, and GRC systems or platforms. Prior Information/Cyber Security of Information Technology practitioner experience in the financial industry or other highly regulated industry is helpful

Skills:

• Exceptional written and verbal communication skills; including ability to translate security and risk to all levels of the business. Strong analytical skills with proven attention to detail. Strong organization and time management skills
• Work occasionally requires more than 40 hours per week to perform the essential functions of the position
• Lifting in an office setting may be required up to 30lbs.

ANBTX strongly encourages candidates that are fluent in English and Spanish to apply. Jobs that specifically require candidates to be bilingual will be posted as a requirement. Apply Job!