The Risk Analyst supports the risk identification and management process across all aspects of Information Security. Responsibilities include assessing the current adequacy of the security strategy, threats to networks, systems and applications, and calculating the impact of potential adverse events. The Risk Analyst will keep management up to date on the results of information security risk assessments and make recommendations for mitigations to protect systems or cover potential losses.
The Risk Analyst will help build out the information security controls framework by identifying, evaluating, and interpreting applicable industry, regulatory, and/or customer security requirements. The individual will partner with the Chief Risk & Compliance Officer, Enterprise Risk Management (ERM), business units and stakeholders to assess information security risk against control frameworks and make recommendations on necessary procedural/control changes.
The Risk Analyst will use their knowledge and experience to examine systems and procedures to identify potential adverse events, including those from malicious intruders, malware, denial of service attacks and employee misconduct. The resulting analysis will include a clear description of the risk along with its likelihood and impact. For those considered significant, mitigation plans will be developed and presented to management for approval and funding.
* Maintain an in-depth understanding of current advances in all areas of Information Security concerning vulnerabilities, security breaches or malicious attacks impacting business and IT areas.
* Work closely with the IT department on corporate technology development to secure information, computer, network, and processing systems.
* Develop and maintain information security risk management methodologies, definitions and processes, aligned with those from Enterprise Risk Management.
* Define and report on key risk indicators (KRIs) and key performance indicators (KPIs).
* Perform information security risk identification and assessments of technology infrastructure and operational processes and controls.
* Maintain the information security risk register and regularly communicate it to management, staff, partners, customers and stakeholders.
* Continuously evaluate network and system security, data vulnerabilities, business continuity and compliance risks.
* Review employee compliance with security controls and the information risk associated with deficiencies.
* Recommend and implement changes in security policies, standards and/or procedures as needed.
* Ensure security controls are adequate to protect sensitive information systems.
* Clearly document information security risks and potential impacts along with the probability and impact of events.
* Provide prioritized information security risk mitigation proposals with cost estimates.
* Assess and communicate information security risks associated with purchases or practices performed by the company.
* Bachelor's degree in Computer Science, Information Systems or equivalent field required.
* Seven (7) or more years of experience in Information Technology.
* Seven (7) years of relevant experience with information security, control standards, and frameworks such as PCI DSS, ISO27001 and/or NIST 800-53.
* Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred. Other certifications such as Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) desired.
* Knowledge of Financial Service industry regulations, risk management methodologies, operations or auditing is highly desired.
* Ability to present issues and recommendations in a manner that will be understood and accepted by all responsible parties.
* Experience with using RSA Archer eGRC to perform risk assessments is highly desired.
* Strong analytical skills and the ability to adapt to constantly changing requirements.
* Resourceful with strong creative problem-solving skills.
* Strong verbal and written communication skills and the ability to interact professionally with diverse groups of managers, supervisors, and subject matter experts.
* Able to function independently and under pressure, and to perform multiple functions and duties with minimal supervision or guidance.
About Green Dot
Green Dot is a company providing prepaid debit cards and cash reload processing services.