ESI is seeking a Junior Data Analyst to support one of our customers with their governance and risk management framework. This role involves receiving information security risk notifications from a variety of sources, including internal/external audits, risk assessments, and penetration testing activities. Upon receipt of these notifications, the analyst is responsible for gathering the necessary risk information, inputting it into the organization's risk register, and promptly notifying the relevant departmental points-of-contact.
Duties & Responsibilities
The Analyst's responsibilities encompass:
- Comprehensive tracking of individual risk records throughout their lifecycle. This includes the ongoing monitoring of risk details, associated impact assessments, potential mitigation activities, the status of mitigation efforts, and any risks associated with these efforts. All of this information is communicated in a clear and concise manner.
- Interfaces with auditors, penetration testers, 3rd party vendors, fellow members of the GRC team, the Chief Information Security Officer (CISO), departmental points-of-contact, and County management as necessary. When appropriate and guided by predefined criteria, the analyst escalates risks to ensure timely and effective resolution.
- Manages requests from County users seeking temporary deviations from the County's established NIST 800-53 controls.
- Verifies the completeness of the information. Should any gaps or missing details be identified, the analyst documents these deficiencies and promptly communicates them to the requesting user. Subsequently, the necessary information is entered into the program's exception request register.
- Upholds a transparent and consistent line of communication with the user. This encompasses regular updates to the exception request register, scrupulous recording of extension requests or decisions, routine status reporting, and the immediate escalation of identified or potential risks whenever the need arises.
Qualifications
- The preferred candidate for this position boasts prior experience within a GRC or information security team, ideally in a contributing role.
- 1-2 years of Data Analyst experience.
- Demonstrates experience in handling policy exception requests, maintaining a policy exception log (register), and possesses strong verbal and written communication skills. Additionally, a firm grasp of risk escalation procedures is essential.
- Proficiency in using Office 365 tools, the ability to create and maintain customized SharePoint lists, and expertise in developing Power BI visuals, reports, and dashboards are highly preferred.
- A foundational understanding of NIST Special Publication 800-53 and the application of security/privacy controls is also anticipated.