American Heart Association
Sr. Cyber Risk Analyst
American Heart Association, Gaithersburg, Maryland, us, 20883
Job Information
American Heart Association Sr. Cyber Risk Analyst Gaithersburg, Maryland Role posted within several U.S. cities - 2024-13159
OverviewAs we celebrate our Centennial year, we invite you to join us in shaping the next century of impact. Be a relentless force for a world of longer, healthier lives as we remain devoted to a future of health and hope for everyone, everywhere. At the American Heart Association, your contribution matters, and so does your career.The
American Heart Association
has an excellent opportunity for a
Sr. Cyber Risk Analyst
in our
National Center
office located in
Dallas, TX. (Home-based work available)The Business Technology (BT) Sr. Cyber Risk Analyst is responsible for risk identification and management across the BT department and the overall American Heart Association organization. This position will support the BT Risk Manager in the management and administration of the Cyber/Risk Management program and Governance Risk and Compliance (GRC) processes and tools.The primary goal of the BT Risk Management team is to protect the confidentiality, integrity, and availability of American Heart Association's data. The Sr. Cyber Security Risk Analyst will partner with all appropriate parties which includes, but is not limited to: other departments, service providers, application service providers, technology staff, etc. to help ensure risks are managed appropriately to support the BT Risk Management needs of the American Heart Association.ResponsibilitiesActive participation in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP). Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.Enhance Vendor Security Assessment process by collaborating with business and technology stakeholders. Maintain security scorecards and metrics from vendors, corporate functions and affiliated offices.Review and analyze statistics of network events and system performance to locate and recommend remediation and lead strategies for discovered vulnerabilities.Assist and partner with the Affiliates on annual PCI Data Security Certification Process.Coordinate Technical incident response. Support incident response efforts and conduct post-incident analysis to identify areas for improvement.Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.Weight business needs against security concerns and articulate issues and options to management. Research and assess new threats and security alerts and recommend remedial action.Ensure proper documentation of technology assessment results, and monitor remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.Support the Business Technology Disaster Recovery process.QualificationsBachelor's degree in one of the following areas: Computer Sciences, Computer Engineering, Information Assurance, Information Security and/or Risk Management.At least 6 years of experience applying information security controls methods, processes and risk management best practices in a Global-International forum.Proven experience in successfully implementing PCI DSS framework.Strong technical information security knowledge to assess various information security and risk management processes and tools.Experience with Security Controls frameworks (e.g. CobIT, ISO 27001, NIST, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g. GDPR, CPRA, CPA, etc.)Able to work effectively in an environment characterized by multi-tasking, fast-paced, lead by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills).Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff; across IT and business.Information Security Certification(s) preferred, which may include, but is not limited to: CEH, CISSP, PCI ISA, among others.Compensation
– Our goal is to ensure you have a competitive base salary. That’s why we regularly review the market value of jobs and make adjustments, as needed.Performance and Recognition
– You are rewarded for achieving success by merit increases and incentive programs, based on the type of position.Benefits
– We offer a wide array of benefits including medical, dental, vision, disability, and life insurance, along with a robust retirement program that includes an employer match and automatic contribution.Professional Development
– You can join one of our many Employee Resource Groups (ERG) or be a mentor/mentee in our professional mentoring program. HeartU is the Association’s national online university, with more than 100,000 resources designed to meet your needs and busy schedule.Work-Life Harmonization
– The Association offers Paid Time Off (PTO) at a minimum of 16 days per year for new employees. The number of days will increase based on seniority level. You will also have a total of 12 paid holidays off each year, which includes several days off at the end of the year.Tuition Assistance
- We support the career development of all employees. This program provides financial assistance to employees who wish to further their education and career in relation to their current duties and responsibilities, or for potential future positions in the organization.The American Heart Association’s 2024 Goal: Every person deserves the opportunity for a full, healthy life. As champions for health equity, by 2024, the American Heart Association will advance cardiovascular health for all, including identifying and removing barriers to health care access and quality.At American Heart Association | American Stroke Association, our mission is to be a relentless force for a world of longer, healthier lives, regardless of race, ethnicity, gender, gender identity, religion, age, language, sexual orientation, national origin and physical or cognitive abilities.EOE/Protected Veterans/Persons with DisabilitiesPosted Date
3 weeks ago
(4/29/2024 1:20 PM)
#J-18808-Ljbffr
American Heart Association Sr. Cyber Risk Analyst Gaithersburg, Maryland Role posted within several U.S. cities - 2024-13159
OverviewAs we celebrate our Centennial year, we invite you to join us in shaping the next century of impact. Be a relentless force for a world of longer, healthier lives as we remain devoted to a future of health and hope for everyone, everywhere. At the American Heart Association, your contribution matters, and so does your career.The
American Heart Association
has an excellent opportunity for a
Sr. Cyber Risk Analyst
in our
National Center
office located in
Dallas, TX. (Home-based work available)The Business Technology (BT) Sr. Cyber Risk Analyst is responsible for risk identification and management across the BT department and the overall American Heart Association organization. This position will support the BT Risk Manager in the management and administration of the Cyber/Risk Management program and Governance Risk and Compliance (GRC) processes and tools.The primary goal of the BT Risk Management team is to protect the confidentiality, integrity, and availability of American Heart Association's data. The Sr. Cyber Security Risk Analyst will partner with all appropriate parties which includes, but is not limited to: other departments, service providers, application service providers, technology staff, etc. to help ensure risks are managed appropriately to support the BT Risk Management needs of the American Heart Association.ResponsibilitiesActive participation in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP). Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.Enhance Vendor Security Assessment process by collaborating with business and technology stakeholders. Maintain security scorecards and metrics from vendors, corporate functions and affiliated offices.Review and analyze statistics of network events and system performance to locate and recommend remediation and lead strategies for discovered vulnerabilities.Assist and partner with the Affiliates on annual PCI Data Security Certification Process.Coordinate Technical incident response. Support incident response efforts and conduct post-incident analysis to identify areas for improvement.Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.Weight business needs against security concerns and articulate issues and options to management. Research and assess new threats and security alerts and recommend remedial action.Ensure proper documentation of technology assessment results, and monitor remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.Support the Business Technology Disaster Recovery process.QualificationsBachelor's degree in one of the following areas: Computer Sciences, Computer Engineering, Information Assurance, Information Security and/or Risk Management.At least 6 years of experience applying information security controls methods, processes and risk management best practices in a Global-International forum.Proven experience in successfully implementing PCI DSS framework.Strong technical information security knowledge to assess various information security and risk management processes and tools.Experience with Security Controls frameworks (e.g. CobIT, ISO 27001, NIST, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g. GDPR, CPRA, CPA, etc.)Able to work effectively in an environment characterized by multi-tasking, fast-paced, lead by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills).Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff; across IT and business.Information Security Certification(s) preferred, which may include, but is not limited to: CEH, CISSP, PCI ISA, among others.Compensation
– Our goal is to ensure you have a competitive base salary. That’s why we regularly review the market value of jobs and make adjustments, as needed.Performance and Recognition
– You are rewarded for achieving success by merit increases and incentive programs, based on the type of position.Benefits
– We offer a wide array of benefits including medical, dental, vision, disability, and life insurance, along with a robust retirement program that includes an employer match and automatic contribution.Professional Development
– You can join one of our many Employee Resource Groups (ERG) or be a mentor/mentee in our professional mentoring program. HeartU is the Association’s national online university, with more than 100,000 resources designed to meet your needs and busy schedule.Work-Life Harmonization
– The Association offers Paid Time Off (PTO) at a minimum of 16 days per year for new employees. The number of days will increase based on seniority level. You will also have a total of 12 paid holidays off each year, which includes several days off at the end of the year.Tuition Assistance
- We support the career development of all employees. This program provides financial assistance to employees who wish to further their education and career in relation to their current duties and responsibilities, or for potential future positions in the organization.The American Heart Association’s 2024 Goal: Every person deserves the opportunity for a full, healthy life. As champions for health equity, by 2024, the American Heart Association will advance cardiovascular health for all, including identifying and removing barriers to health care access and quality.At American Heart Association | American Stroke Association, our mission is to be a relentless force for a world of longer, healthier lives, regardless of race, ethnicity, gender, gender identity, religion, age, language, sexual orientation, national origin and physical or cognitive abilities.EOE/Protected Veterans/Persons with DisabilitiesPosted Date
3 weeks ago
(4/29/2024 1:20 PM)
#J-18808-Ljbffr