Job description
POSITION SUMMARY
IT Risk Analyst supports the effort to continue the maturity of the business by continually searching for opportunities to improve compliance processes, policy, and security risk dynamics. This job manages the risk assessment process for Information Technology initiatives and play a key role in managing IT Risks and Compliance topics.
ESSENTIAL FUNCTIONS
Performs general and application control reviews for simple to complex computer information systems.
Consults with and advises administrators, management and staff on various operational issues related to computerized information systems, and on general business operations as needed.
Assist in the selection and tailoring of approaches, methods, and tools to support service offerings to applicable business units.
Ensure the strict compliance and adherence of IT policies and controls for all users in the organization.
Manages the internal, regulatory, SOX and external audit process, including participation in the audit kickoffs, walkthroughs, findings discussions, closing meetings and confection action plans.
Work directly with internal and external auditors during IT audits to act as the liaison between IT and auditors.
Review and respond to risk assessments as needed.
Analyze business impact and exposure, based on emerging security threats, vulnerabilities, and risks.
Prepare, manage, and deliver to end users the periodic access review process (re-certification) to ensure user profiles are appropriate.
Contribute to the development and maintenance of the information security policies and standards.
Maintain our Disaster Recovery & Business Continuity Plans.
Gather documentation/technical information in support of audit requests and issue remediation efforts.
Stay up to date on information technology trends and security standards, including financial Services and IT security trends and news, at a state, national and regulatory level.
Develop company-wide best practices and policies for IT security.
Coordinate or perform Penetration Tests and Vulnerability Scans and evaluate results to proactively identify and fix security flaws and vulnerabilities.
Verify and coordinate detected vulnerabilities remediation measures to maintain a high-security standard.
Responsible for assessing and prioritizing vulnerabilities utilizing a risk-based approach to expedite the remediation process
Perform research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the organization.
Assist colleagues understand information risk and security management.
Research security enhancements and make recommendations to management.
Independent and strategic thinker with ability to influence and promote change within an organization.
Manage day to day security activities such as (but not limited to):
- Monitoring security access.
- Conducting security assessments through vulnerability testing and risk analysis.
- Performing internal security audits and risk assessments and coordinate external audits and risk assessments.
- Analyzing security breaches to identify the root cause.
- Verify the security of third-party vendors and collaborate to meet security requirements.
- Perform disaster recovery tests as required or needed.
- Maintain monitor and, if applicable, follow up the security logs of the databases, servers, and applications.
OTHER IMPORTANT DUTIES, RESPONSIBILITIES AND/OR TASKS
Technical support to airport and company equipment, including software or hardware troubleshooting.
Investigate and coordinate the remediation of security breaches and other cyber security incidents.
Identifies computer system problems by diagnosing and solving hardware or software faults. (troubleshooting).
Respond to tickets created from Help Desk ticketing system.
Participates in meetings and orientations.
Execute any other duties assigned by the Supervisor.
JOB QUALIFICATION REQUIREMENTS
A. Education:
Bachelor’s Degree in Information Technology from an accredited university or related experience in supporting regulated systems.
B. Technical training, license, certifications and/or other requirements:
CISA, CRISC, CISM
MCSA: Windows Server, Security +
C. Experience:
The position requires two (2) years of related experience.
D. Special skills, knowledge and abilities (competencies):
Language skills in Spanish and English. Ability to read and understand instructions, correspondence, and memos. Ability to write simple correspondence and make simple presentations of information, effectively, an individual or small groups of customers and other employees of the organization.
Strong analytic thinking capacity.
Strong quantitative problem-solving ability.
Strong computer literacy with MS Office software. Expert in the use of MS Excel.
Statistical, financial and mathematics skills.
Ability to work independently, organize workload, prioritize, multitask, foresee problems, and accomplish established work plan on a timely manner.
Work with mathematical concepts such as probability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals skills. Ability to compute rates, proportions, and percentages, and draw and interpret simple graphs. Apply concepts such as fractions, percentages, ratios, and proportions to practical situations. Proficient with office equipment, computers, calculators, photocopy and fax machine and phone.
Ability to maintain confidential data.
Ability to adapt easily to change.
Ability to work with a goal-oriented operation.
Ability to develop and maintain productive relationships with customers and internal departments.
Ability to deal with problems involving some variables in common situations.
Schedule: Monday to Friday 12:00pm to 9:00pm
Job Type: Full-time
Salary: $42,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
Experience level:
- 2 years
Schedule:
- Monday to Friday
Education:
- Bachelor's (Required)
Experience:
- Cybersecurity: 2 years (Required)
- Information security: 2 years (Required)
Work Location: In person