Position Details: Information Risk Management Analyst - 1270593Z
In the Information Risk Management Analyst role, you will deliver against an information security/cybersecurity assessment plan that is integrated into a broader risk management program supported by executive management.
Your responsibilities will not be limited to include,
For internally managed systems:
- Identify, document and elevate visibility to information risk, where business direction creates potential for exposure to employee, athlete and product sensitive data streams.
- Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key system configurations and complex IT infrastructures (e.g. cloud services).
For vendor managed systems:
- Evaluate vendor processes at the point of engagement with Client and ensure sufficient validation of data sharing arrangements and agreements protect Client’s sensitive information.
- Perform formal risk assessments on partner and vendor connections and ensure the business objectives align with the type and volume of data used in maintaining a “need to know/use” mindset.
And in general:
- Become an advocate of Client Information security procedures, policies, and processes, and standards as a mechanism to enable the business effectively while managing risk appropriately.
- Provide enforcement of security policies, standards and procedures by working cross functionally with Compliance and Governance functions within the Corporate Information Security organization.
- Stay current on information security technologies, trends, standards and best practices
What We're Looking For:
To make it clear, we're not looking for just anyone. We're looking for someone special, someone who had these experiences and clearly demonstrated these skills:
- Knowledge of information security principles and practices, best practice security architectures, general procedures and guidelines.
- A general understanding of technology use, trends and risks as it applies in a business context and environment.
- Excellent communication skills (written and verbal) as well as comfort and experience in presentation delivery
- Proven persuasion skills
- Proven experience identifying solutions for complex problems in enterprise environments
- Proven analytical and problem solving ability
- The ability to appropriately communicate complex security risks to non-technical staff
- Must be trustworthy in keeping sensitive data confidential