Requisition Number 19-0071 Post Date 6/28/2019 Title Senior Information Security Risk Analyst Division Information Technology PT/FT Full Time City Washington State DC Description
The PCAOB oversees the audits of public companies and SEC-registered brokers and dealers in order to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.
Job Description Summary
The PCAOB has a full-time, regular position for a Senior Information Security Risk Analyst focusing on the areas of risk management and policy in the Office of Information Technology (OIT) at its Washington D.C. office. You will manage and mitigate Information Security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides Information Security risk insight and guides management on Information Security risk issues and serves as advisor to peers, team members and the PCAOB staff. You will utilize your exceptional communication skills to provide leadership for your colleagues and the organization.
* Provides advice, guidance and assistance to executive management focusing on Information Security risk to guide the strategic direction of PCAOB development projects, departmental initiatives and other special projects.
* Determines requirements, recommends system security configurations, and risk mitigation effectiveness.
* Provides advice and influences Information Security risk management strategies and approaches and educates risk owners on best practices.
* Identifies, analyzes and initiates changes in the Information Security policies, guidelines and standards as well as provides governance advice to the PCAOB.
* Ensures that internally developed and commercially available business applications include adequate information and security controls.
* Designs and executes the Information Security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools.
* Conduct periodic audits of various applications and systems to ensure information security processes and procedures are effective.
* Assist with the investigation, documentation, and response to all suspected information security events.
* Ensures process owners identify, develop and test Information Security controls for risk mitigation effectiveness.
* Work closely with external IT auditors and internal teams on managing and supporting IT audits.
* Participates in designing, communicating, and maintaining IT security program policies and procedures.
* Serves as a mentor to peers and team members for assigned area of responsibility.
* Guides team members in the development and delivery of their work.
* Other duties as assigned.
* Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines OR 4 years of additional work experience in IT, Information Security, Cyber Security preferred.
* Minimum 10+ years Information Security experience within Information Technology
* Minimum 10+ years hands-on experience conducting risk assessment sessions with all levels of management and executive management.
* In-depth knowledge and experience in relevant industry data sources, standards, data analysis tools and techniques.
* Demonstrable expertise and knowledge of risk, control, budgets, process and loss costing.
* Strong knowledge of risk monetization and costing
* An understanding of multiple, industry-standard Information Security frameworks.
* Strong knowledge in relevant industry data sources, standards, data analysis tools and techniques.
* Experience collaborating with and influencing multiple stakeholders to solve a complex problem.
* Excellent written, oral, presentation, facilitation, negotiation and communication skills.
* Professional designation in CISSP, CISA, CRISC, or CRCMP preferred.
As we seek to accomplish our mission and implement our vision, we expect integrity, pursue excellence, operate with effectiveness, embrace collaboration, and demand accountability.
Equal Employment Opportunity
All PCAOB employees are entitled to equal opportunity and a professional work environment, free of discrimination and harassment. A workplace free of discrimination is fundamental to professional success and to the PCAOB's mission. The PCAOB will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.