Job Description
Information Security Risk Analyst
Bloomington, MN(Hybrid 2-3 days in office)
6 + Months
Phone + Skype
JD:
Requirements
Minimum 5+ years of general Information Technology Infrastructure or Information Security experience
Minimum 3+ years of experience with Information Security risk management practices
Minimum 1+ years of experience working in regulated cybersecurity environments and Control Frameworks (i.e., NIST CSF or 800-53)
Minimum 1+ years of experience working with Governance Risk and Compliance (GRC) tools for reporting and communication purposes
Excellent organizational, communication, and reporting skills
Preferred
Bachelor's Degree in Computer Science or similar
Experience working with and assessing Operational Technologies (OT Systems) in addition to Information Technologies (IT Systems)
Experience working in the Aviation or Transportation sector
Responsibilities
Conducting Risk Assessments for existing systems comparing alongside the baseline of the NIST cybersecurity control framework
Evaluating the effectiveness of cybersecurity controls and suggesting reasonable solutions via interviews and technical analysis.
Organizational skills to proactively track findings for remediation action steps, issue updates and status reports.
Leveraging tools and processes to conduct internal assessments to identify potential compliance issues, compensating controls, and improvements.
Reporting on exception approvals, risk management metrics, and escalating where necessary. This includes preparing reports and presentations on cybersecurity compliance for IT management and other stakeholders.
Assist in governance process associated with developing and adopting written Policies, Standards, and Procedures
Other Duties as assigned