Sr. IT Security Analyst
Allen, TX

Job Description

The Sr. IT Security Analyst will evaluate and document risks within the IT and telecommunications network environments, analyze the effectiveness of IT controls, and provide reporting and metrics to key stakeholders.

Job Responsibilities and Duties:

* Participate in an annual Security Risk Assessment, document identified control weaknesses, mitigating controls and residual risk(s) for Executive signoff.
* Provide mitigation plans to address deficiencies derived from risk assessments
* Perform technical risk assessments for key projects, new functionality, and products.
* Manage and lead technical risk assessments for new and existing vendors/suppliers using Third Party Risk Management methodologies.
* Provide IT risk expertise to the business and IT operations for Business Continuity and Disaster Recovery Planning.
* Lead technical risk assessments of security and operational controls and processes.
* Develop and issue ad-hoc security risk dashboards and reports for internal stakeholders and participate in the completion of customer-requested risk assessments.
* Identifies opportunities to improve the efficiency of IT and operational processes within the functional areas being assessed.
* Stay abreast of developments in the Information Technology industry specifically as they relate to Risk Management.
* Maintain proper documentation for Frontier's Standards, Policies and Procedures as they relate to IT.

Education / Experience:

* Working knowledge of GRC platforms (such as Archer)
* BS in Information Security, Risk Management or 4 years of experience in Information Technology field, with at least 2 years working in Information Security, Risk Management, IT Audit or Compliance.
* Knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques.
* Experience with IT control frameworks such as ITIL, COBIT, NIST, and ISO/27002.
* Experience with regulatory standards and compliance requirements for HIPAA, SSAE 18 SOC, CPNI, and PCI
* Experience with Third-Party Risk Management frameworks such as NIST, COSO, and ISO
* Experience with business impact analysis (BIA) and risk analysis for Business Continuity and Disaster Recovery planning
* Ability to deal with changing priorities and multi-task several projects.
* Ability to translate and communicate technical risk into business
* Experience in implementing security management solutions and creating detailed documentation.
* Excellent presentation and communication skills.
* Excellent Technical and business writing skills.
* Maintain at least one Industry Standard Security certification, such as: CISSP, GIAC, CRISC, CISM, CISA, etc.