Information Security Analyst

Role Description:

Work independently or as a part of the team to deliver IT Governance, Risk and Compliance (GRC) Automation projects including: Automating compliance assessments for multiple industry standards and regulations, including: ISO27001, ISO22301, NIST 800-53, PCI DSS, SOX 404, SOC2, NYDFS, HIPAA. Automation of risk assessment and treatment.
Understand customer requirements and document business requirements.
Define the High level & Low-level design document.
Install infrastructure for Archer based on best practices and install RSA Archer application.
Configure Data Feeds, Workflows, Data Driven Events, Mail Merge, Notifications, Dashboard and Reports.
Manage Archer roles & groups, record permissions and provide administer user access.
Develop import templates and populate templates with legacy data.
Integrate with third party tool with .csv & xml files.
Continue to build on cybersecurity knowledge and skills and improve on documentation & presentation skills
Support internal practice development initiatives, including: improving tools, templates and techniques used to deliver engagements, conceptualize new services and solutions, development of technical papers and marketing collaterals.

Desired Profile:

At a minimum working knowledge of ISO 27001 ISMS development and implementation.
Risk assessment and management, including risk modelling, analysis and mitigation.
Compliance assessment and security audit experience.
API development and working knowledge of ETL.
.NET programming skills and knowledge of SQL is preferred.
Demonstrable knowledge on Documentation and business reporting.
Excellent communication skills, written and spoken. Analytical thinker, detail-oriented.
Uses process/policies/standards knowledge and skills to complete complex work.
Communicates effectively with clients and seeks to understand and anticipate their needs.
Continuously finds new solutions to problems and actively shares knowledge with the team.