Business Analyst - Information Security Risk Program - Contract
- Ann Arbor, MI 48104
Title: Jr. Business Analyst (Information/IT Security/Risk) (1-3 years of experience in IT/Cyber Security)
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
As we continue to mature the information security program, we recognize the value of an Information Security Business Analyst as one of the key enablers of such a program.
The position is a critical member of the Information Security team. The role will report directly to the Information Security Governance, Risk & Compliance Manager, and will work closely with various Information Security personnel in the organization. The role is also expected to establish a strong working relationship with various team members and departments.
The position will play an important role in the Governance, Risk & Compliance (GRC) program, with a heavy focus on third-party cyber risk management. The position will work closely with other Team Members within the Information Security team. The position is expected to collaborate with other functions within the Technology department and other business units.
The position will work with the Information Security Leadership team, all functions within the Information Security organization, the broader Technology department, and various business units.
The candidate is expected to have proven knowledge and experience in information security, information technology, third-party cyber risk management, privacy (CCPA and GDPR), and the business field.
- A bachelor's degree in computer science, information systems, business, or other related field; or equivalent work experience.
- 2 to 3 years of general information technology work experience (more than 1 year of information security third-party cyber risk work experience is preferred for Infosec Business Analyst role).
- CISSP, CISA, CISM, CRISC, CGEIT or other relevant certifications are desired but not required.
Responsibilities and Duties
- Perform initial risk reviews on new vendor relationships based on services provided and potential risk areas identified.
- Work directly with the customer (business) to coordinate remediation efforts on issues identified during risk reviews.
- Work with the customer on performing self-assessments for existing vendors.
- Regular monitoring and reporting of vendor risks via dedicated dashboards and internal reporting.
- Coordinate periodic business reviews with key customers/departments.
- Work with the GRC team to ensure the annual functional goals are met.
- Obtain and maintain deep understanding of Infosec technologies, processes, capabilities, and services.
- Act as a liaison between Infosec, customers (business) and external customers (e.g. franchisees); develop and maintain strong relationships with key customer contacts.
- Serve as a consultant and trusted advisor to the customer (e.g., third-party cyber risk, technical, privacy, compliance).
- Regularly update the Third-Party Risk Lead and Manager on the status of open risk reviews and other projects.
Required Core Competencies
- The team member is expected to possess the relevant leadership competencies, including the following:
- Follows through on commitments, acts with integrity and takes personal responsibility for decisions, actions, and failures, establishes clear responsibilities and processes for monitoring work and measuring results.
- Assumes positive intent of others, works cooperatively with others across the organization to achieve shared objectives, represents own interests well while being fair to others and their areas, partners with others to get work done, credits others for their contributions and accomplishments, gains trust and support of others.
- Shows personal commitment and takes action to continuously improve, accepts assignments that broaden capabilities, demonstrates curiosity and openness to differences, new ideas and thinking, demonstrates vulnerability, including a willingness to ask for help or acknowledge mistakes.
- Gains insight into customer needs, identifies opportunities that benefit the customer, builds and delivers solutions that meet customer expectations, establishes and maintains effective customer relationships.
- Promotes information sharing, collaboration, and transparency.
- Aligns with and supports leadership’s strategic directives and contributes to the team’s objectives.
Required Technical Skills
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Ability to conduct assessments, including analyzing test data and rendering conclusions. Skill in using data mapping, analysis, and visualization tools. Skill in conducting assessments of technical systems. Skill in assessing security controls based on cybersecurity principles. Understands impact/risk assessments and root cause analysis.
- Ability to understand the cybersecurity impact to the organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability).
- Ability to communicate complex information in a clear, concise and organized manner. Demonstrates skill in managing client relationships and expectations and demonstrating commitment to delivering quality results.
- Ability to apply critical thinking to evaluate information for reliability, validity, and relevance. Ability to function in a collaborative environment, seeking consultation with analysts and experts to leverage technical expertise.
- Knowledge of risk management processes, cybersecurity and privacy principles, and cyber threats and vulnerabilities.
- Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
- Knowledge of applicable business processes and operations of customer organizations.
- Skill in interfacing with customers.
- Ability to tailor technical and planning information to a customer’s level of understanding.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Knowledge of secure software deployment methodologies, tools, and practices, and application security risks.
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.