Saxon Global
Cyber Risk Analyst
Saxon Global, Union, Kentucky, United States, 41091
Job Description:
The IT risk analyst supports the IT risk management practice, which ensures risk is proactively identified, decisioned, communicated and monitored. The primary responsibilities of the IT risk analyst are to perform assessments of potential risk exposures and prepare actionable risk reporting. In this role, it is critical to foster strong working relationships with leaders in other areas of the enterprise to perform evaluations of the enterprise risk posture and to offer independent advice regarding ways to reduce risk in line with established risk appetites.
The successful candidate thinks strategically, is intellectually curious and is comfortable working in undefined problem spaces. As a member of a growing enterprise, the IT risk analyst will be expected to shape and further refine the risk program and will have the opportunity to operate with both autonomy and empowerment from senior leadership.
Top Must Haves:•Risk management experience: previous experience working and reviewing cyber risk assessments•Familiarity with cyber security frameworks, such as, NIST-CSF•Experience with risk tools (administrative, power user, user)•Facilitate cyber risk communications, cyber risk lifecycle task completion and cyber risk aware decision making with technical and non-technical audiences
Requirements:
Prefer 5-10 years experience in governance, risk, and complianceJob field related certification(s), CISSP/CISA/CRISC (preferred but not required)Previous experience as a compliance analyst in a related field.In-depth knowledge of industry compliance requirements and standards.Proficiency in compliance management software, Archer, ServiceNow, MetricStream, etc.Ability to accurately complete applications for compliance certification.Ability to effectively train employeesExceptional communication and interpersonal skills.Understanding of regulatory frameworksRequirements analysisAbility to develop standards to maintain legal complianceQuality managementCritical thinking and problem-solving skillsOrganization, project management, and strategic planning skillsFamiliarity with process improvement methodologyAttention to detailAbility to embrace complexityKey Responsibilities
Managing cyber risk assessmentsEvaluating internal Kroger operational controls for alignment to cyber risk treatment needs.Analyzing, framing, and updating threat and risk scenarios for use in cyber risk managementCommunicating cyber risk to Management and designated stakeholders.Assess and update cyber risk appetites for LOB.Evaluate cyber risk treatment options and facilitate communication to stakeholders.Training employees on cyber risk aware and risk first culture.Adjust cyber risk scores based on available controls and treatment options.Create cyber risk dashboards/reports based on complex risk, process and control relationships.Facilitate risk management oversight in supporting internal/external audits and regulatory exams.
Required Skills : Cyber Risk, NIST-CSFBackground Check :YesDrug Screen :YesNotes :Selling points for candidate :Project Verification Info :The information provided below is for Apex Systems AV use only and is not to be distributed publicly, or to any third party. Any distribution of the below information will result in corrective action from Apex Systems Vendor Management. MSA: Restricted Client Letter: Will ProvideCandidate must be your W2 Employee :YesExclusive to Apex :NoFace to face interview required :NoCandidate must be local :YesCandidate must be authorized to work without sponsorship ::NoInterview times set : :NoType of project :Master Job Title :Branch Code :
The IT risk analyst supports the IT risk management practice, which ensures risk is proactively identified, decisioned, communicated and monitored. The primary responsibilities of the IT risk analyst are to perform assessments of potential risk exposures and prepare actionable risk reporting. In this role, it is critical to foster strong working relationships with leaders in other areas of the enterprise to perform evaluations of the enterprise risk posture and to offer independent advice regarding ways to reduce risk in line with established risk appetites.
The successful candidate thinks strategically, is intellectually curious and is comfortable working in undefined problem spaces. As a member of a growing enterprise, the IT risk analyst will be expected to shape and further refine the risk program and will have the opportunity to operate with both autonomy and empowerment from senior leadership.
Top Must Haves:•Risk management experience: previous experience working and reviewing cyber risk assessments•Familiarity with cyber security frameworks, such as, NIST-CSF•Experience with risk tools (administrative, power user, user)•Facilitate cyber risk communications, cyber risk lifecycle task completion and cyber risk aware decision making with technical and non-technical audiences
Requirements:
Prefer 5-10 years experience in governance, risk, and complianceJob field related certification(s), CISSP/CISA/CRISC (preferred but not required)Previous experience as a compliance analyst in a related field.In-depth knowledge of industry compliance requirements and standards.Proficiency in compliance management software, Archer, ServiceNow, MetricStream, etc.Ability to accurately complete applications for compliance certification.Ability to effectively train employeesExceptional communication and interpersonal skills.Understanding of regulatory frameworksRequirements analysisAbility to develop standards to maintain legal complianceQuality managementCritical thinking and problem-solving skillsOrganization, project management, and strategic planning skillsFamiliarity with process improvement methodologyAttention to detailAbility to embrace complexityKey Responsibilities
Managing cyber risk assessmentsEvaluating internal Kroger operational controls for alignment to cyber risk treatment needs.Analyzing, framing, and updating threat and risk scenarios for use in cyber risk managementCommunicating cyber risk to Management and designated stakeholders.Assess and update cyber risk appetites for LOB.Evaluate cyber risk treatment options and facilitate communication to stakeholders.Training employees on cyber risk aware and risk first culture.Adjust cyber risk scores based on available controls and treatment options.Create cyber risk dashboards/reports based on complex risk, process and control relationships.Facilitate risk management oversight in supporting internal/external audits and regulatory exams.
Required Skills : Cyber Risk, NIST-CSFBackground Check :YesDrug Screen :YesNotes :Selling points for candidate :Project Verification Info :The information provided below is for Apex Systems AV use only and is not to be distributed publicly, or to any third party. Any distribution of the below information will result in corrective action from Apex Systems Vendor Management. MSA: Restricted Client Letter: Will ProvideCandidate must be your W2 Employee :YesExclusive to Apex :NoFace to face interview required :NoCandidate must be local :YesCandidate must be authorized to work without sponsorship ::NoInterview times set : :NoType of project :Master Job Title :Branch Code :