Security Systems Analyst in Deerfield, IL at DISYS

Date Posted: 12/4/2018

Job Description

Vendor Risk Management Program

• Perform remote and onsite vendor risk assessments on new and existing vendors on an enterprise-wide basis

• Drive all aspects of information security and data privacy vendor risk assessments, including scheduling assessments, conducting assessments and escalating issues associated with vendors as needed

• Identify and document deficiencies and vulnerabilities with vendors’ information security and data privacy programs

• Prepare detailed and summary vendor risk reports

• Partner with legal team for inclusion / negotiation of appropriate information security contract language within vendor agreements

• Identify opportunities for improving the vendor risk management process, including developing program metrics and program awareness

• Develop and cultivate partnerships with functional areas within IT, legal, procurement and privacy

• Mentor and help develop junior level team members

• Other duties and special projects as assigned

 

Information Technology Risk Management Program

• Assist the Head of Information Risk Management in defining IT risk strategy and framework

• Help with selection and implementation of a Governance, Risk and Compliance (GRC) tool and framework

• Partner with IT functions to help identify, assess and manage IT risks through completion of risk assessments

• Partner with risk owners to document risk response plans

• Develop and maintain the IT risk register

• Follow up with risk owners to track risk mitigation / remediation

• Provide risk management subject matter expertise in projects

• Identify opportunities for improving the IT risk management process, including developing program metrics and program awareness

 

Qualifications

• 5-7 years of experience in Technology Risk, Operational Risk, vendor risk, or related field

• 5-7 years of experience conducting vendor risk and / or technology risk assessments

• 2-3 years of experience conducting onsite vendor assessments

• Broad Operational Risk, risk management and/or consulting experience

• Understanding of key industry control standards / frameworks such as ISO, NIST, PCI DSS, etc.

• Moderate-level knowledge and understanding of systems architecture, infrastructure, security and applications

• Moderate-level knowledge and understanding of cloud computing

• Experience in planning, organizing and conducting vendor and information risk assessments

• CRISC / CISSP / CISA certification preferred

Digital Intelligence Systems, LLC. is an Equal Opportunity Employer, M/F/D/V. We do not discriminate against any employee or applicant because they inquired about, discussed, or disclosed compensation. Email recruitinghelp @ disys.com to contact us if you are an individual with a disability and require accommodation in the application process.