Senior IT Risk Analyst

GENERAL PURPOSE:


The Senior IT Risk Analyst is responsible for executing IT risk management processes within Ross. This includes performing risk assessments, tracking mitigation efforts, and developing risk metrics and risk reports. This position is also responsible for executing security-risk-related projects and programs, such as third-party risk assessments, updating security policies and standards, and executing security awareness programs.


ESSENTIAL FUNCTIONS:

  • Performs risk assessments to identify current and future security vulnerabilities.

  • Performs third-party risk management and participates in reviews of contract agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of organization assets.

  • Assists the IT Risk Lead Analyst during product and vendor selection process.

  • Assists the IT Risk Lead Analyst to build standards to support vendor selection and RFP process.

  • Maintains the risk register and develops IT Risk Management metrics and reports.

  • Executes information security awareness programs by regularly conducting exercises to educate employees on information security and best practices.

  • Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.

COMPETENCIES:

  • Analysis / Judgment

  • Team Work

  • Communication

  • Customer Service

  • Drive for Results

  • Interpersonal Effectiveness

  • Technical Competence and Expertise

  • Business Acumen

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

  • Five years of Information Technology experience in Security and/or Risk Management.

  • Bachelor's degree preferred, or equivalent combination of education and relevant experience.

  • Strong understanding of security governance, compliance and risk management principles.

  • Proficient in Microsoft Word, Excel, PowerPoint

  • Excellent analytical, organizational and communication skills

  • Strong Project Management skills

PREFERRED QUALIFICATIONS:

  • CISSP (Certified Information Systems Security Professional)

  • CRISC (Certified in Risk and Information Systems Control)

  • Working knowledge of UNIX and Windows

  • Firewalls, VPN, PKI, IPS

  • Oracle, MS SQL

  • Virtualization Security

  • Software programming skills

PHYSICAL REQUIREMENTS/ADA:

  • Requirements: Consistent timeliness and regular attendance. Job requires ability to work in an office environment, primarily on a computer. The job also requires sitting, standing, walking, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.

  • Occasional Requirements: Job occasionally requires bending, kneeling, reaching, and lifting up to 10 pounds.

  • May also require occasional driving and/or traveling overnight for business functions or site visits.

  • Vision requirements: Ability to see information in print and/or electronically.

SUPERVISORY RESPONSIBILITIES:


N/A


DISCLAIMER


This position description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.


Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.

