IT Security Control & Risk Analyst

This job is no longer available

Search for More Jobs
American Cancer Society
Atlanta, GA, USA
Full-time

 

The IT Security Control & Risk Analyst ensures that IT operates within required guidelines that safeguard the enterprise from control deficiencies, regulatory gaps and reputational risk. This role will support the security practice in areas such as risk management, compliance management, application security, business continuity, disaster recovery, and security awareness, and enforcement.

Areas of Responsibility: 
  • Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Verify and update security documentation reflecting the application/system security design features.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
  • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  • Assess the effectiveness of security controls.
  • Assess the configuration management (change configuration/release management) processes.
Educational Background: 
Bachelor’s Degree in Computer Science, Information Systems or another related field.
Skills/Experience: 
  • Minimum 3-5 years of information security compliance or operations experience.
  • CISA, CISSP, or CCSK or PMP certification a plus. Other relevant security or Governance, Risk, and Compliance focused certifications welcomed.

Demonstrates Information Technology Competencies:

  • Business insight - Applies knowledge of business and the marketplace to advance the organization’s goals.
  • Decision quality - Makes good and timely decisions that keep the organization moving forward. 
  • Action oriented - Takes on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
  • Optimizes work processes - Knows the most effective and efficient processes to get things done, with a focus on continuous improvement.
  • Ensures accountability - Holds self and others accountable to meet commitments
  • Collaborates - Builds partnerships and working collaboratively with others to meet shared objectives.
  • Communicates effectively - Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences
  • Instills trust - Gains the confidence and trust of others through honesty, integrity, and authenticity

Other Skills:

  • General IT Security - Ability to understand the basic concepts and issues related to cyber and its organizational impact.
  • Analysis/Assessment - Ability to design valid and reliable assessments.   
  • Risk Management - Knowledge of risk management processes and frameworks (e.g., methods for assessing and mitigating risk).  
  • Access Management - Knowledge of authentication, authorization, and access control methods.   
  • Application Security - Knowledge of computer programming principles and system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting)
  • Vulnerability Management - Knowledge of cyber defense and vulnerability assessment tools and their capabilities.   
  • General Knowledge - Ability to answer questions in a clear and concise manner, ability to ask clarifying questions; Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

SPECIAL MENTAL OR PHYSICAL DEMANDS:

  • Work is normally performed in a typical interior/office work environment
  • No or very little physical effort required
  • No or very limited exposure to physical risk
  • Self-motivated and able to organize work for others.
  • Able to work quickly with attention to detail including high-pressure situations.
  • Ability to travel when necessary
Compensation/Benefits: 

We are committed to providing staff with fulfilling opportunities to learn, grow and make an impact in their local communities. We offer staff a generous paid time off policy; medical, dental and retirement benefits, and professional development programs to enhance staff skills.

How to Apply: 

https://jobs.cancer.org/job/atlanta/it-security-control-and-risk-analyst...

Job Function: 
Technology / Data Management

Organization Info

American Cancer Society

Overview
Headquarters: 
Atlanta, GA, United States
Website: 
cancer.org
Annual Budget : 
More than $500M
Founded: 
1913
About Us
Areas of Focus: 
Healthcare / Public Health
Diseases / Disorders
Mission: 

Together with our millions of supporters, the American Cancer Society (ACS) saves lives and creates a world with less cancer and more birthdays by helping people stay well, helping people get well, by finding cures, and by fighting back.

The American Cancer Society is a nationwide, community-based voluntary health organization dedicated to eliminating cancer as a major health problem.

You can connect with us through LinkedIn groups: American Cancer Society Supporter, American Cancer Society Relay For Life, or American Cancer Society Making Strides Against Breast Cancer.

Listing Stats

Post Date: 
Oct 29 2018
Active Until: 
Nov 29 2018
Hiring Organization: 
American Cancer Society
industry: 
Nonprofit