Apply on Employer Site

HireRight · 6 days ago

Security Risk Analyst

Nashville, TN

Full-time

Onsite

Mid Level

HireRight is the premier global background screening and workforce solutions provider, focused on delivering tailored solutions for hiring decisions. The Security Risk Analyst will assist in managing corporate compliance and risk management, ensuring that Information Security policies are implemented and compliance issues are addressed timely.

Information TechnologySoftware

No H1B

Responsibilities

Independently evaluates and analyzes issues or recommendations for improvements in processes to mitigate risks and bring programs and operations into compliance with the goals and objectives of the Corporate Compliance Program and communicates results to management and other key stakeholders

Takes a lead role in the development and execution of internal Information Security risk identification and assessment program. This includes: risk assessments, internal project security reviews, coordination of risk treatment activities, and communication of assessment results

Serve as company representative with clients and partners, responding to security questionnaires and managing audits

Continually reviews and improves the risk assessment methodology, process, and procedures

Assists in developing and administering ongoing IT compliance monitoring and governance activities

Advises internal business clients on the effectiveness of corrective action plans in the event of non-compliance or detected vulnerabilities in their environment

Contributes to various project requests from functional teams to increase operational efficiency, strengthen IT environment, and help meet the company's internal and external regulatory or compliance requirements

Performs ad-hoc compliance requests or additional duties as assigned

Qualification

Information TechnologySecurity+ certificationCISA certificationCISM certificationISO 27001 Lead AuditorISO 27001 compliancePCI DSS complianceSOC 2 complianceRisk assessmentClient relationship skillsProject ManagementInterpersonal communicationWritten communicationOral communication

Required

BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies

Security+, CISA, CISM, ISO 27001 Lead Auditor, or similar certification

Prior experience conducting internal risk assessment workshops and providing guidance to functional teams with the implementation, monitoring, and reporting of appropriate risk treatment measures to drive conformity with policies and procedures, and establish effective internal controls processes

Extensive information security regulatory compliance experience: ISO 27001, PCI DSS, SOC 2, EI3PA, SOC 2 Type II, or similar

Experience interpreting industry and regulatory requirements and authoring supporting controls

Experience performing third party assurance assessments; AuditBoard experience a plus

Excellent client relationship and customer service skills, with a clear client focus. Note: nearly all customer facing interactions will require English proficiency in writing and speaking

Strong Project Management Skills

High degree of independence and exceptional work ethic with a team player

Familiarity with core IT and Information Security Technologies

Exceptional interpersonal, written and oral communication skills