Job Summary:
The Senior Security Risk Analyst works with the Information Security Analyst, Manager and the Chief Information Security Officer (CISO) in developing and maintaining BDO information security capabilities, including evaluating the effectiveness of information security controls, assessing IT risk, and monitoring compliance with information security policies, standards, and requirements. This role will work with cross-functional teams to design and implement security initiatives and will serve as a resource person on specific information security technologies as well as technologies related compliance requirements.
Job Duties:
Risk Management
Maintains and develops security standards, policies, procedures, and services
Performs security risk assessments of BDO USA systems and networks
Recommends strategies, treatments, and technologies for mitigating risks
Reports to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance
Maintains metrics and prepares reports (e.g., reports on performance of security controls to keep management informed about security risks that may affect the company or its customers)
Third Party Risk
Performs vendor security assessments to evaluate third party risk
Evaluates third party documentation to assess compliance with security requirements
Evaluates current and future requirements and develops/recommends governance, technical and operational solutions accordingly
In conjunction with other BDO USA personnel, documents specifications and standards for equipment, hardware, software, and procedures in support of BDO USA policies
Security Controls
Maintains an awareness of security controls and risks in emerging technologies
Serves as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interacts with internal and external technical staff and consults with project teams at various stages of project cycles
Evaluates, recommends, and implements security controls to ensure compliance with security requirements
Works with the IT department and members of the information security team to identify, select and implement technical controls
Advisory Responsibilities
Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned
Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
Researches, evaluates, and recommends information-security-related hardware and software, including developing business cases for security investments of current and new technologies
Provides direct support to the business and IT staff for security-related issues
Educates IT and the business about security policies and consults on security issues regarding user-built/managed systems
Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues
Utilizes IT Service Management tools for tracking of assessment and testing activities
Authors and updates technical and procedural documentation
Liaises with various BDO USA constituencies on behalf of the CISO, as needed
Supervisory Responsibilities:
N/A
Qualifications, Knowledge, Skills, and Abilities:
Education:
High School Diploma or GED, required
Bachelor's degree in Computer Science, or Information Technology, preferred
Experience:
Five (5) or more years of experience providing IT systems security support, risk management, security program, and/or security certification management (e.g., ISO 27001), required
Five (5) or more years of experience in third party risk management, preferred
Three (3) or more years of experience with ServiceNow, preferred
License(s)/Certification(s):
CISSP, CTPRP, CRISC, CISM, and/or CISA, preferred
Software:
Excellent computer skills and proficient in Excel, Word, PowerPoint, and Outlook, required
Experience with third party risk management solutions or frameworks, required
Language(s):
N/A
Other Knowledge, Skills, & Abilities:
Strong verbal and written communication skills (documenting concepts, designs, presenting to groups, etc.)
Excellent interpersonal and customer relationship skills
Ability to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
Ability to successfully multi-task while working independently or within a group environment
Ability to rely on extensive experience and judgement to plan and accomplish goals
Ability to quickly troubleshoot complex problems and take appropriate corrective action
Ability to work well under pressure while dealing with unexpected problems in a professional manner
Ability to communicate and interact with all levels of employees and management
Ability to interact and build consensus among people
Strength in both business and technical requirements analysis
Keywords: Third Party Risk Management, Security Risk Management, Risk Assessments, IT Security Controls, Risk Identification, Risk Mitigation, Security Compliance, SIG, SIG Lite, CAIQ, Security Questionnaires, ISO 27001, Vendor Risk, BitSight, ServiceNow, Risk Treatment, Risk Register, Governance Risk & Compliance, GRC, SOC 2.
Individual salaries that are offered to a candidate are determined after consideration of numerous factors including but not limited to the candidate's qualifications, experience, skills, and geography.
Range: $90,000 - $110,000
All qualified applicants will receive consideration for employment without regard to race, age, color, religion, sex, national origin, disability, protected veteran status, or any other classification protected by law.