Incident and Security Risk Analyst in Chesterfield, MO at Signature Consultants

Date Posted: 9/10/2019

Job Snapshot

Job Description

Incident and Security Risk Analyst Position Overview:

Signature Consultants is seeking an Incident and Security Risk Analyst for an opportunity in Chesterfield, MO. This mid-level individual contributor position will spend roughly 75% of their time managing 1) global cybersecurity and privacy Incident Response Program, 2) Phishing program, and 3) security ratings solution. The other 25% may be spent supporting the organization's other Security assessment programs (Security Questionnaires, Contract reviews). The typical workday is Monday through Friday 8:00A - 4:30P. However, due to the Incident Response needs of the business, the candidate who fills this position will be expected to be available at odd hours beyond the normal workday.

Skill Requirements:

  • Able to work with minimal direct supervision
  • Solid project management skills. Ability to appropriately balance priorities, deadlines, and deliverables
  • Advanced ability to translate business needs and problems into functional design and solutions
  • Inquisitive
  • Advanced oral and written communications skills, demonstrating the ability to convey business terminology that is meaningful and well-received
  • Demonstrated ability to handle multiple tasks, assess prioritization, and execute in a timely fashion with high quality.
  • Able to work in a team environment
  • Ability to liaise with individuals across a wide variety of operational, functional, and technical disciplines
  • Strong working knowledge of MS Office Suite of tools
  • Ability to initiate tasks; self-starter and driven.
  • Strong understanding of the Risk Management process
  • Strong understanding of security frameworks, such as ISO 27001 or NIST CSF
  • Security Policy Experience
  • Advanced investigative, analytical, and problem solving skills

Responsibilities:

  • Manage and Administer the company's annual retainer with a third party vendor for incident investigation and forensics services
  • Administer the company's cloud-based emergency notification and the cloud-based incident management tool
  • Perform semiannual updates to the Security and Privacy Incident Response Plan
  • Schedule, design, facilitate the company's annual Security and Privacy Incident Response
  • exercise
  • Collaborate with internal resources to produce global training and/or awareness materials
  • relating to Security and Privacy Incident Response
  • Collaborate with the InfoSec team relative to Security and Privacy Incident Response
  • Works across varied geographies and business disciplines to gather, synthesize and report on
  • Security and Privacy Incident Response metrics and issues for senior management, internal and
  • external audit and client consumption
  • Perform intel gathering on other industry cyber security and privacy incidents (to create lessons learned)
  • Maintain the Security and Privacy Incident Response Team page on the organization's SharePoint site
  • Support and execute on defined controls for the incident response program, to include consistent documentation of incidents, maintaining incidents in a common repository, and being a liaison for audits (internal and external) and other assessments
  • Identifies and qualifies Security and Privacy Incident Response program enhancements through
  • continuously growing understanding of program gaps and weaknesses both pervasively and
  • locally
  • Administers and facilitates the company's global phishing program including conducting the
  • phish simulations as well as reporting results
  • Support efforts to develop or continuously improve security controls, processes and procedures, as necessary
  • Respond to complex Client Questionnaires or Security Inquiries collaborating with Risk Analysts to provide Client Security Inquiry Services
  • Manage Information Security statements and other artifacts to address client security inquiries.
  • Represent security department in project workshops to provide guidance and advisory services
  • Other duties that may be necessary or assigned

Requirements:

  • Bachelor's degree or equivalent related experience
  • 3+ years of Information Security and/or Risk Management related experience
  • 3+ years of Incident Response and/or Crisis Management experience
  • Knowledge of, or experience with, domestic and global regulations related to data privacy and security (e.g. SOX, HIPAA, GDPR, etc.)
  • Knowledge and understanding of information security best practices
  • Strong investigative, analytical, and problem solving skills
  • Organized self-starter; versatile and capable of working with minimal management oversight
  • Ability to deliver projects on time and within budget
  • Proven experience leading others
  • Excellent time management skills and ability to juggle multiple, competing priorities
  • Works effectively within a team environment, participate in departmental/team projects, and
  • balance detail with departmental objectives
  • Excellent communication skills (verbal, writing, presentation development/delivery)
  • Familiarity with CAIQ and SIG questionnaires
  • Data Security/Privacy experience
  • Experience with security compliance audits and/or enterprise security compliance programs
  • Strong understanding of the Risk Management process
  • Strong understanding of security frameworks, such as ISO 27001
  • Security Policy Experience

Preferred:

  • Solid working knowledge of the Incident Command System (ICS)
  • Experience using cloud-based Emergency Notification solutions
  • Experience using cloud-based Incident Management solutions
  • Experience conducting phishing simulations
  • Data Privacy / Security experience
  • CISSP or CRISC certified
  • 3rd Party/Cloud Security Assessment experience
  • Understanding of Risk Methodologies
  • Quantitative Risk Measurement
  • Data Privacy / Security experience


About Signature Consultants, LLC

Headquartered in Fort Lauderdale, Florida, Signature Consultants was established in 1997 with a singular focus: to provide clients and consultants with superior staffing solutions. For the ninth consecutive year, Signature was voted as one of the "Best Staffing Firms to Work For" and is now the 14th largest IT staffing firm in the United States (source: Staffing Industry Analysts). With 27 locations throughout North America, Signature annually deploys thousands of consultants to support, run, and manage their clients' technology needs. Signature offers IT staffing, consulting, managed solutions, and direct placement services. For more information on the company, please visit www.sigconsult.com.