Senior IT/InfoSec Risk Analyst
Location: NYC - HYBRID (3 days on-site)
Compensation: $120,000 - $170,000 base + 20% bonus + benefits
Glocomms are partnered with a leading Investment Management firm in the search for a Senior Information Security Analyst to join the Security team on a full-time basis, located in Manhattan, NY. The ideal candidate will come from a Banking/Financial Services background with experience performing risk assessments on applications, vendors, and infrastructure against risk frameworks.
Responsibilities:
- Conduct thorough risk assessments on the firms infrastructure, applications, assets, and vendors.
- Perform controls testing to ensure operational adequacy whilst upholding risk and control self-assessment framework within the technology division.
- Provide recommendations on how to improve the overall security risk program and overall security posture.
- Accessed IT processes and had a heavy hand in developing an asset program.
- Assist assessment activities with vendors by providing support to the InfoSec Application Risk Assessment Program.
- Create policy documents, process work-flow documents, assessment templates, and report templates.
- Conduct third-party due diligence on partners/service providers, certifying that appropriate controls are in place to protects the firms data and assets.
- Develop and maintain the third-party risk database to track status, due diligence efforts, metrics reporting, and risk finding.
- Contribute to vendor audits (virtually or on-site) from an InfoSec perspective.
- Report finding to senior management and provide recommendations.
Qualifications/Experience:
- 5+ years of experience within Risk Management in areas or Information Technology/Information Security.
- *Must have experience with evaluating and assessing IT processes (ITIL service management, COBIT).
- Experience with security frameworks such as ISO27001-2, NIST, etc. with an understanding of SOC1, SOC2, SSAE 16/18, ISO27000, etc.
- Extensive knowledge and experience working with information systems, tech risk analysis for vendors/third-party service providers.
- Experience working with GRC tools such as Archer, MetricStream, etc.
- Experience challenging IT teams processes for improvement.
- Must have strong verbal and written communication skills.
This is an exciting greenfield opportunity for an experience IT/InfoSec Risk Analyst to join a leading Investment Management firm on a full-time permanent basis, working hybrid in NYC (3 days on-site). If you are qualified for this position, please apply and Akash Solankee from the Glocomms Cyber Security Recruitment Team will reach out to you directly.
