GDH Consulting has partnered with one of Tulsa's premier enterprise employers, which is adding a Senior Security Risk Analyst to their team.
The Senior Security Risk Analyst provides advice and expertise to IT staff and other departments related to information security issues. The Senior Analyst monitors the threat landscape, prepares risk and vulnerability assessments, creates risk process documentation, and otherwise contributes to the development and maintenance of a sound cyber security program. The Senior Analyst will evaluate internal security controls against industry standard best practices, established control frameworks, and internal audit requirements. This position is responsible for leading process improvement activities, participating in information security assessment projects and participating in security awareness communication and training activities. The Senior Analyst will participate in companywide projects to ensure that IT risks are known to the business and are remediated, transferred, or accepted. The Senior Analyst will assist the Cyber Security Manager in reporting risk and compliance status and program maturity to business leadership.
As a Sr. Security Risk Analyst you will:
Oversees the risk assessment and information security awareness processes.
Conducts internal IT risk assessments
On at least an annual basis, conducts or causes to be conducted an IT risk assessment.
Work with the Cyber Security Manager to develop a schedule of internal risk reviews
Coordinate reviews with Internal Audit as required to minimize impact of assessments to business units
Interfaces with end users as well as all levels of management, technical and business sources to complete assessments
Responsible for a deep understanding of business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the Information Policy and applicable procedures, processes and standards.
Acts as primary IT Risk and Compliance representative on IT and business projects to ensure that information security risks are managed appropriately
Maintain relationships inside and outside of IT to enable the discovery of risks outside formal risk assessments.
Evaluate and recommend controls to mitigate information technology, security and privacy risk. Map internal controls to appropriate established industry or other standards (ISO, NIST, etc.).
Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
Understand complex business and information technology management processes.
Assess application layer security controls to ascertain whether they comply with policies.
Cloud/SaaS: Develop an understanding of the third parties' IT control environment and perform basic risk management approaches to evaluate their IT controls.
Actively participate in decision making with third parties and internal Management for mitigating identified vulnerabilities.
Performs assessments necessary to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
Participate in 24/7 Security Incident Response team activity.
Required education: Bachelor's degree, preferably in MIS or Computer Science or equivalent work experience.
Required experience: Five or more years of experience in technical areas of IT. Four or more years of experience in security. Experience conducting risk assessments and vulnerability analyses and experience delivering results to technical and non-technical personnel. Experience leading junior personnel and/or mentoring risk and compliance professionals.
Required skills: Deep understanding of IT security controls and risk/compliance frameworks such as ISO, COBIT and NIST. Strong written and verbal communication skills. Highly self-motivated and directed. Knowledge of Security Risk Assessments, AD and MS servers, anti-virus, end-point, firewall, and web filtering software, wireless networking and security, patch management and vulnerability scanning. Understanding of encryption systems and methodology.
Interested candidates please send resume in Word format to Please reference job code 73544 when responding to this ad.
GDH Consulting, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran's status or any other category protected by law. In addition to federal law requirements, GDH Consulting, Inc. complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities and/or employees. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, benefits and training.