Intermediate Security Analyst to assess accuracy of technology and cybersecurity key risk indicators - 11509
Our client is looking for an Intermediate Security Analyst to assess accuracy of technology and cybersecurity key risk indicators - 11509
Location: Hybrid (2-3 days in office, flexible on days)
Duration: ASAP to December 29, 2023
The primary objective of this position is to critically assess the completeness and accuracy of technology and cybersecurity key risk indicators. This involves performing risk assessments, evaluating existing processes, and documenting processes, risks, and controls in the organization’s technology environment. This will be accomplished by partnering with clients, performing comprehensive review of Infrastructure Technology processes, and identifying key issues.
Specific responsibilities for this role are as follows:
- Evaluate the People, Processes, and Technologies that support a key risk indicator
- Review the design and operating effectiveness test workpapers performed by the RCSA team
- Review the processes and controls supporting how data used to calculate the KRIs are sourced, transformed, and reported
- Document end-to-end process narratives
- Use Microsoft Visio or Lucid chart to map out steps in a process
- Contribute to the growth and success of our ETS Governance & Control Team by adapting to an ever-changing technical environment
- Research, learn, and apply knowledge to keep up with next-generation technologies in the environment and promote credibility with our partners
- Collaborate effectively within the ETS G&C Team, to support several Governance & Control functions that will leverage parent process information and documentation.
- 3+ years of Technology Audit, SOX IT Audit or Technology RCSA experience
- Experience with reviewing processes, identifying risks and mapping controls to the risks.
- Experience documenting a process from End-to-End
- Understanding of controls, audit and risk management
- Bachelor’s degree related to Information Systems, Computer Science, Information System Auditing
Nice to Haves:
- Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, CISA, GIAC, CRISC