AVP - Information Security Risk Analyst
USA- FL- Jacksonville, Main
- Support Information Risk Assessment processes by providing technical security expertise in support of application, infrastructure, and vendor/third party risk and control assessment management
- Provide guidance on maturing threat and vulnerability management processes.
- Ensure potential vulnerabilities are assessed and, if applicable, promptly addressed.
- Provide recommendations for improving configuration standards, based on industry standards.
- Actively participate in meetings and dialogue with IT teams to drive a risk awareness culture and the Information Risk agenda
- Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
- Review regulatory guidance on an ongoing basis to ensure that policies remain current and appropriate
- Participate in new system development and implementation reviews by reviewing project documentation, conducting interviews and assessing completed work to ensure that development efforts are in compliance with organizational policies, standards and procedures and that controls are adequately incorporated into systems
- Assist management in the identification and assessment of technology and business related controls
Minimum Requires Skills and Experience
- Bachelor’s Degree in Computer Science, Information Systems, or other related field; or equivalent work experience
- Minimum of 3 years of professional experience in Information Technology Risk or related field
- Ability to objectively assess IT systems and processes, and devise effective solutions to mitigate risk
- Experience in an information security role in a financial services organization preferred
- Effective organizational skills including attention to detail and the ability to implement change
- Strong written and oral communication skills including the communication of complex technical issues & concepts to non-technical staff
- Strong knowledge of information systems and security controls, of attack types and methodologies
- Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools
- Demonstrated ability to prioritize and manage competing work assignments in a time sensitive environment
- Ability to weigh business risks and enforce appropriate information security measures
- Ability to manage relationships with outsourced information technology service providers
CIT is an Equal Opportunity Employer
CIT is an Equal Employment Opportunity (EEO) employer. It is the policy of CIT to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, protected veteran or disabled status. If you would like more information about your EEO rights as an applicant under the law, please click here.