Information Security Risk Assessment Sr. Analyst

Overview : TekWissen is a global workforce management provider headquartered in Ann Arbor, Michigan that offers strategic talent solutions to our clients world-wide. Job Title: Information Security Risk Assessment Sr. Analyst Location: San Jose CA 95002 Duration: 6 Months Job Type: Contract Work Type: Hybrid JOB DESCRIPTION: About the Role As a Security Risk Assessment Sr. Analyst at the client, you will support the Information Security Risk Management Program which is part of the client InfoSec Governance, Risk, and Compliance (GRC) team. This role involves evaluating potential security risks from threats and vulnerabilities within the organization's people, processes and technologies, documenting the identified risks and effectively communicating them and recommendations to stakeholders across the organization. You will collaborate with teams cross-functionally to ensure the organization is well-informed of identified security risks and monitor the steps taken to timely mitigate them. The ideal candidate possesses a strong background in cybersecurity and risk management, with hands-on working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP, and is capable of effectively communicating with stakeholders enabling them to make risks in alignment with our security culture and business priorities. Key Responsibilities: Conduct security risk assessments to identify, score and document potential risks from threats and vulnerabilities within the organization's infrastructure and applications. Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences. Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies. Maintain security risk register and ensure timely updates of the risk register Contribute to performing risk aggregation and risk analysis to identify top risks and areas of focus/improvement for prioritization Contribute to developing detailed reports and presentations on risk assessments, including identified aggregated top risks, risk treatment progress, trending and escalation. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor Actively contributes to the administration, maintenance and process improvements of the GRC risk assessment program Performs other job duties as required Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. 5 years of experience in security risk assessment, with strong background in cybersecurity and risk management, with hands-on working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management. Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC). Proven ability to work collaboratively with engineering teams to assess and mitigate security risks. Experience with security risk remediation programs, including technical implementation and compliance considerations. Strong analytical and problem-solving skills, with attention to detail and accuracy. Strong collaboration skills, with experience working cross-functionally with IT, Engineering, and other stakeholders. Excellent communication skills, capable of translating technical concepts into actionable insights for both technical and non-technical stakeholders. Experience in identifying process improvements and enhancing operational efficiencies within security programs. Experience with GRC Risk Management tool including tool implementation will be plus Preferred Skills: Experience with security assessment tools and methodologies. Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP). Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously. Certifications like PMP, CISSP, or CISM are a plus but not required. TekWissen® Group is an equal opportunity employer supporting workforce diversity.