Business Technology Risk Analyst (mult.)
Tracking Code
8225-415
Job Description
The American Heart Association (AHA) has an excellent opportunity for a Business Technology Risk Analyst in our National Center office located in Dallas, TX.
Essential Job Duties:
Responsible for the overall risk identification and information systems management of the organization. Conduct security assessments, maturity measurement, and threat modeling exercises. Identify and resolve security threats and vulnerabilities. Develop and implement strategic initiatives to accomplish the goals of AHA's Cyber Risk Management Program (CRMP). Implement and enhance the Service Provider Security Assessment process. Maintain security scorecards and metrics from vendors, corporation functions and affiliated offices. Review and analyze statistics of network events and system performance to locate and recommend remediation and lead strategies for discovered vulnerabilities in AHA information systems. Lead and manage the Vulnerability Management Program, including coordinating across the Business Technology team, managing Vulnerability Scans, and reporting to Technology Management. Evaluate business needs against system security concerns and articulate issues and options to management. Assist technical teams in prioritizing remediation of vulnerabilities by severity level, as well as track remediation efforts across technical teams and service providers. Research, evaluate and test new cyber security tools and capabilities. Research, evaluate and assess emerging cyber security threats and trends.
Want to help get your resume to the top? Take a look at the experience we require:
Required Experience
Bachelor’s degree in Computer Information Systems, Computer Science, Systems Engineering, or related field and 6 years of progressive, post-baccalaureate experience in the job offered or related occupation applying information security control methods, processes and risk management best practices. Experience and skill set must include:
1) Must have at least two of the following Information Security certifications: CEH, CISSP, CISM, GIAC, ABCP.
2) Four years of hands-on experience performing Cyber Security and Compliance Controls frameworks, including implementation and technical assessment and the certification process on the Payment Card Industry Data Security Standards and ISO-27001 controls framework.
3) Six years of experience implementing Risk–Controls Lifecycle, including, but not limited to, Security risk analysis, Risk metrics, and remediation report.
4) Six years of experience on Vendor Security Risk Assessments, including but not limited to: Cloud Hosting Providers, Software as a Service, among others, and evaluating these to ensure they meet security standards and requirements.
5) Six years of user experience and administration of Vulnerability Management tools including Web Application Scans, External and Internal network scans, penetration testing, among others.
6) Six years of experience interpreting technical vulnerabilities to business impact.
7) Six years of proven technical information security knowledge to assess cyber security threats, including threats identified through Malware detection, Intrusion Detection System / Intrusion Prevention System (IDS/IPS), and Security Incident and Event Monitoring (SIEM); experience must include definition of correlation rules, assessment of proper remediation and escalation for each security alert.
8) Four years of experience briefing technical and non-technical management on cyber issues, threats, vulnerabilities and risk reduction tasks.
9) Four years of experience responding to security incidents including gathering, analyzing and presenting forensic evidence for cyber malware and intrusions.
10) Six years of experience effectively communicating security-related concepts to a broad range of technical and non-technical staff across IT and business, including presentations to technical teams and Management.
11) Proven experience working effectively in a multi-task, fast-paced environment led by multiple projects and conflicting priorities.
So, are you ready to work for the largest voluntary health organization dedicated to fighting heart disease, stroke and other cardiovascular diseases? Click on “New Resume” (or “Existing Resume” if you have previously applied to AHA positions) to submit your online application. Only those candidates deemed most qualified by the hiring manager will be contacted to interview.
At American Heart Association | American Stroke Association, diversity, inclusion and equal opportunity apply to both our workforce and the communities we serve as it relates to heart health and stroke prevention.
Be sure to follow us on Twitter to see what it is like to work for the American Heart Association and why so many people enjoy #TheAHALife at https://twitter.com/theahalife
Job Location
Dallas, TX, United States
Position Type
Full-Time/Regular
Job Category: Information Technologies
EOE Minorities/Females/Protected Veterans/Disabled