IT Security Risk and Compliance Analyst

Location: Durham, NC
Date Posted: 07-15-2016
Please find the details of the requirement. Let me know your interest in this position along with your updated resume.
Job role: Information Security Risk and Compliance Analyst 
Location: Durham, NC
Duration: 6 months+
This staff-level role will be responsible for identifying, analyzing and influencing the management of information security risk across the organization with focus on conducting security risk assessments of third-party vendors and products. The candidate will be responsible for conducting and documenting vendor assessments, as well as other assessments as needed, in line with IT security best practices and frameworks, generating recommendations and/or mitigating activities for security gaps identified, and providing security risk ratings.
  • Perform focused security risk assessments of existing or new vendors, products, and services
  • Document assessment approach, work papers, analysis and results
  • Communicate and report assessment results inclusive of recommendations for mitigation activities and overall risk rating
  • Identify opportunities to improve risk posture, design security controls for remediating or mitigating risks, and assess the residual risk
  • Provide consultative advice ensuring security design for systems aligns with business needs and the company's security posture 
  • Cultivate and maintain strong working relationships with IT Architecture & other core IT teams, Strategic Sourcing, Legal, QA, and Internal Audit 
  • Other duties as assigned
All responsibilities are essential job functions unless noted as nonessential (N).
  • Broad expertise and knowledge of information security concepts and best practices, as well as ability to apply these concepts to business scenarios
  • Ability to measure and assess software, network and server technologies leveraging broad technical skills and sound technical fundamentals 
  • Strong analytical and problem-solving skills 
  • Ability to effectively adapt to rapidly changing technology
  • Preferred experience in health or bio-pharma industry 
  • Excellent oral and written communication skills
  • Project management skills, especially in a cross-functional environment 
  • Ability to effectively influence and educate business partners when necessary to help bridge gaps in understanding while maintaining good working relationships
  • Strong organizational skills and ability to multitask
  • BS in Business, Computer Science, Information Security, or a related field 
  • 2-3 years of work experience in information security risk management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.) or IT audit with working knowledge of security concepts
  • Security certifications or working toward a security or IT audit related certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
  • Extensive use of telephone and face-to-face communication requiring accurate perception of speech
  • Extensive use of keyboard and mouse requiring repetitive motion of fingers and wrists
Phone: 248-415-4549
Fax: 248-603-2599


At least a bachelor’s degree in Computer Science, Engineering or related field or an equivalent in education is required for this position.
We are an Equal Opportunity Employer.