Jobs
>
Sacramento

    InfoSec Risk Analyst - Sacramento, United States - Search Pros Inc

    Search Pros Inc
    Search Pros Inc Sacramento, United States

    3 weeks ago

    Default job background
    Description

    Job Description:
    M-F 8am to 5pm // Hybrid in Sacramento CA

    The governance, risk, and compliance (GRC) InfoSec Risk analyst is responsible for supporting the security direction of the business and elevating the company's security posture.

    The GRC InfoSec Risk analyst is expected to support the security strategy of the business within new and existing information system capabilities.

    Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The GRC InfoSec Risk analyst is also responsible for the analysis and implementation of policies and maintenance.

    The ideal candidate is technical and possesses at least five years of experience in IT security, compliance, or risk management.

    In tandem with IT and security leadership, the GRC InfoSec Risk analyst consistently assesses and validates the assurance of the security program.

    As a primary point of contact for internal and external auditors, the GRC InfoSec Risk analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business.

    As a key member of the IT GRC team, the GRC security analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

    The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.


    TASKS, DUTIES, FUNCTIONS:
    1. Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
    2. Maintain oversight in a GRC-related platform.
    3. Identify strengths and weaknesses in the GRC program as they relate to privacy, security, business resiliency and compliance frameworks.
    4.

    Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.

    5. Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to GRC management and business unit leads when points of weakness are discovered.
    6. Analyze findings, and document, recommend and report program gaps to GRC leadership.
    7. Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.
    8.

    Define qualitative and quantitative metrics to assess the success of the GRC program and provide regular reports to GRC, Security, and business leadership.

    9. Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
    10. Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
    11.

    Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.

    12. Attend and fully engage in change and project management meetings.
    13. Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
    14.

    Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.

    15. Perform other duties as assigned.

    1.

    At least five plus years' experience in cyber security as a practitioner and with at least two to three plus years exposure with various security frameworks.

    2.

    Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

    3.

    Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, GDPR and GLBA.

    Additional experience in one or more of the following:
    ISO 27001/2, ITIL or NIST.
    4.

    Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.

    5. Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.
    6. Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
    7.

    Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

    8. Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls.
    9. Prior team leadership experience preferred.
    10. Must be self-directed, able to work on own initiative.
    11. Ability to work under pressure and tight deadlines; may be required to work extended hours to complete tasks.


    EDUCATION:
    Bachelor's degree in Business Administration, Accounting, Management Information Systems or Computer Science is strongly preferred. Advanced Degree in Business Administration or other related area is preferred.


    EXPERIENCE:

    Minimum five years' experience in cyber security as a practitioner and with at least two to three plus years exposure with various security frameworks, experience in a technology risk, security, or compliance role preferably in a financial institution.

    Detailed understanding of risk management and controls assurance. Strong understanding of information security controls and standards such as ISO 27001/2, NIST, CSF, and related frameworks.

    Thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, SOX, HIPAA, HITRUST, GDPR and GLBA.

    Experience in a role balanced between business stakeholders and a central technology service organization. Certifications, such as CISSP, CRISC, CISA, CIPP, CISM, are well regarded.


    LICENSES / CERTIFICATIONS:
    Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.

    Project Management Professional (PMP) and (PfMP) certifications from the Project Management Institute (PMI) or Certified Business Analyst Professional (CBAP) from the International Institute of Business Analysis (IIBA) preferable, but not required.

  • The Judge Group Inc.

    INFOSEC Risk Analyst

    3 weeks ago

    The Judge Group Inc. Sacramento, United States

    Location: Sacramento, CA · Salary: $40.00 USD Hourly - $45.00 USD Hourly · Description: Our client is currently seeking a INFOSEC Risk Analyst · The governance, risk, and compliance (GRC) InfoSec Risk analyst is responsible for supporting the security direction of the busines ...

  • California State University Sacramento

    Emergency & Risk Management Analyst

    3 weeks ago

    California State University Sacramento Sacramento, United States

    Emergency & Risk Management Analyst · Job No: · 534546 · Work Type: · Staff · Location: · Sacramento · Categories: · Unit 9 - CSUEU - Technical Support Services, Administrative, Probationary, Full Time, Safety, On-site (work in-person at business location) · Working Title: ...

  • Sedgwick

    Insurance and Risk Management Analyst

    2 weeks ago

    Sedgwick Sacramento, United States

    Taking care of people is at the heart of everything we do, and we start by taking care of you, our valued colleague. A career at Sedgwick means experiencing our culture of caring. It means having flexibility and time for all the things that are important to you. It's an opportuni ...

  • RADcube

    PMO Analyst

    2 weeks ago

    RADcube Sacramento, United States

    **PMO Analyst**: · **Type**:Contract | **Location**:Sacramento, California · Role Description: · We are seeking a highly motivated PMO (Project Management Office) Analyst to join our team. · The PMO Analyst will play a pivotal role in supporting project management activities, ens ...

  • Sabot Consulting

    IT Business Analyst

    3 weeks ago

    Sabot Consulting Sacramento, United States

    **IT Business Analyst - MMIS** · **Location**: Remote · **Salary**: $90-155k · Sabot Consulting is seeking an IT Business Analyst that will play a crucial role in analyzing, designing, and implementing technical solutions to meet our organization's business needs on a MMIS projec ...

  • CalSTRS

    Investment Support Analyst

    3 weeks ago

    CalSTRS West Sacramento, United States

    **CalSTRS is Hiring Are you ready to take your career to the next level?** · The CalSTRS Investments Branch is seeking an experienced individual to work as a Staff Services Analyst on the Global Equity team. · Global Equity is the largest asset class by market value in the total ...

  • Sabot Consulting

    Business Analyst

    2 weeks ago

    Sabot Consulting Sacramento, United States

    **Business Analyst - DocQNet** · **Location**: Remote · **Salary**: $90-165k · Sabot Consulting is currently seeking a Business Analyst to assist the DFPI with completing the business process documentation and requirements activities associated with Project Approval Lifecycle (PA ...

  • CalSTRS

    Portfolio Manager, Sustainable Investment

    3 weeks ago

    CalSTRS West Sacramento, United States

    **CalSTRS is Hiring Are you ready to take your career to the next level?** · **This position is eligible for incentive compensation and has a maximum incentive opportunity of 125% of base salary.** · The CalSTRS Investments Branch is seeking an experienced individual to work as a ...

  • Employment Development Department

    Staff Services Analyst

    3 weeks ago

    Employment Development Department Sacramento County, CA, United States

    **This position is considered "hybrid" with on-site work two days a week at 722 Capitol Mall and telework three days a week, on average, dependent on operational needs. Currently in office days are Tuesday and Wednesday.** · About WSB: · The Workforce Services Branch (WSB) admini ...

  • California Governor's Office of Emergency Services

    Staff Services Analyst

    2 weeks ago

    California Governor's Office of Emergency Services Sacramento County, CA, United States

    Are you looking for an exciting and fast-paced career? Join the California Governor's Office of Emergency Services (Cal OES) and be part of an organization that serves as a leader in emergency management and homeland security through dedicated service to all. We are looking for e ...

  • CalSTRS

    Investment Officer, Fixed Income

    1 week ago

    CalSTRS West Sacramento, United States

    **CalSTRS is Hiring Are you ready to take your career to the next level?** · The CalSTRS Investments Branch is seeking an experienced individual to work as an Investment Officer I on the Fixed Income team. · The Fixed Income Unit is dedicated to maximizing risk-adjusted total ret ...

  • Franchise Tax Board

    Staff Operations Specialist,

    3 weeks ago

    Franchise Tax Board Sacramento County, CA, United States

    Under the general direction of the Administrator II in the Filing Enforcement Section, the Staff Operations Specialist on the Filing Enforcement (FE) Systems Analysis and Support (SAS) team works to promote filing compliance of taxpayers and the success of the FE program. The FE ...

  • Rhombus

    Product Manager

    3 weeks ago

    Rhombus Sacramento, United States

    **Who We Are** · Rhombus Systems is on a mission to make the world a safer place. For organizations, video security is an essential tool to maintain safe environments, yet today it is one of the most outdated and stagnant pieces of technology. Rhombus Systems changes that with it ...

  • Gartner

    Managing Partner, IT Strategy Consulting, State and

    3 weeks ago

    Gartner Sacramento, United States

    **Description**: · **Who we are**: · Gartner's Consulting business is an **_extension_** **of Gartner's industry-leading IT Research. From CIOs, to leaders in business and government, we help Gartner clients across enterprises translate insights into transformational actions and ...

  • California Health and Human Services Office of Technology and Solutions Integration

    Information Technology Specialist I

    3 weeks ago

    California Health and Human Services Office of Technology and Solutions Integration Sacramento County, CA, United States

    Job Description and Duties · This position offers an exciting opportunity to participate in delivering a new Comprehensive Child Welfare Information System (CCWIS) with Child Welfare Digital Services (CWDS), a unique collaboration involving the California Health and Human Service ...

  • SAFE Credit Union

    Risk Management Analyst

    3 weeks ago

    SAFE Credit Union Folsom, United States

    Salary Range: $89, $111,800.00 · Exact compensation may vary based on skill, experience and location. · POSITION PURPOSE · The Risk & Assurance Analyst within the Enterprise Risk Management (ERM) department plays a pivotal role in supporting Business Continuity Management and ...

  • SAFE Credit Union

    Risk Management Analyst

    3 weeks ago

    SAFE Credit Union Folsom, United States

    · Salary Range: $89, $111,800.00Exact compensation may vary based on skill, experience and location. · POSITION PURPOSE · The Risk & Assurance Analyst within the Enterprise Risk Management (ERM) department plays a pivotal role in supporting Business Continuity Management and I ...

  • CA State Lottery

    Research Data Analyst I

    1 week ago

    CA State Lottery Sacramento County, CA, United States

    Under the general direction of the Chief of Financial Analysis and Risk Management, the Research Data Analyst I will perform a variety of research, analytical, and technical tasks to support the Finance Division's initiatives in maximizing profits and managing risk. The Finance D ...

  • Public Employees Retirement System

    Associate Governmental Program Analyst

    11 hours ago

    Public Employees Retirement System Sacramento County, CA, United States

    **Anticipated Interview Dates**: We anticipate holding virtual interviews the week of June 3, 2024. · **Telework Information**: This position is eligible for a hybrid work schedule, with up to two days of remote work and three days or more onsite, per week. · Do you have a passio ...

  • California Governor's Office of Emergency Services

    Associate Governmental Program Analyst

    6 days ago

    California Governor's Office of Emergency Services Sacramento County, CA, United States

    Are you looking for an exciting and fast-paced career? Join the California Governor's Office of Emergency Services (Cal OES) and be part of an organization that serves as a leader in emergency management and homeland security through dedicated service to all. We are looking for e ...