Job Ref: 10023703
Location: Adelphi, MD
Category: IT and Project Management
Type: Full time
Senior Analyst, Information Security Risk & Compliance
Security Risk & Compliance
US Exempt Regular
Full time
Stateside Exempt 4.2
Location: Adelphi, MD (Hybrid)
SUMMARY:
The Senior Analyst, IS Risk & Compliance performs security risk assessments, audits, and/or inspections of the computing environment for UMGC’s customers. The Senior Analyst, IS Risk & Compliance is responsible for delivering and executing security assessments, promoting effective IT internal controls and risk management, and providing guidance to IT and business units on all aspects of internal & external audits, governance, and business process improvements.
Additionally, the key role of the Senior Analyst, IS Risk & Compliance is to provide an independent opinion on the suitability of the IT risk management framework and to provide objective assurance that the risks in the business are being appropriately managed and that controls are operating as expected. You will be responsible for implementing the assessment process, educating stakeholders, building partnerships, and socializing security best practices.
EXPERIENCE:
- 7+ years in IT audit.
- Strong understanding of the NIST 800 special publications (e.g. NIST 800-171, NIST 800-53, Risk Management Framework, etc.) and DoD CMMC.
- Collaborating with IT and business stakeholders to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
- Lead and execute IT audit engagements.
- Experience in applying relevant technical knowledge in the following engagements: (a) ITGC audits; (b) IT internal or operational audits; (c) Service Organization Controls (SOC) Reporting engagements; (d) ERP and cloud security reviews.
- Demonstrating and applying strong project management skills.
- Solid knowledge of and experience with secure web architectures, tools and processes.
- Experience auditing network designs, network security, wireless security, and client/server security.
- Knowledge of vulnerability assessment/network discovery and associated tools.
- Experience auditing networking technologies.
- Experience auditing applications.
- Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.).
- Must have knowledge of IT security technologies such as firewalls, intrusion detection systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture.
- Knowledge of various control and risk management concepts and methodologies as well as knowledge and expertise of all applicable regulations and audit standards such as FERPA, PCI-DSS, and SSAE-16.
- Advanced understanding of IT general controls (e.g. security, change management, incident and problem management, disaster recovery, backup, data center, infrastructure, data protection, etc.).
- Competent knowledge of IT and Information Security operations, policies and procedures in areas such as Windows Active Directory, Unix/Linux and databases. Knowledge of cloud architecture (Azure, AWS), operational frameworks and security controls would be beneficial.
- Ability to identify issues and associated risks, and provide practical solutions to a wide range of audit issues.
- Experience of an IT line role would be advantageous but is not essential.
- Experience or aptitude for using data analytics tools and techniques in an audit role would be a distinct advantage.
- Proficient in the use of Microsoft Office Word, Excel, PowerPoint.
Preferred Experience Requirements:
EDUCATION:
Skills:
- Demonstrated process improvement experience.
- Recognized as a strategic thinker who is results oriented.
- Demonstrated effectiveness as a strong team player and self-motivator. Ability to work and interface internally with IT and other functional support groups with minimal guidance.
- Demonstrated successful experience in a customer-facing role.
- Excellent written and oral communication skills.