Information Security Risk Analyst II @ OnTrac | Jobright.ai
Information Security Risk Analyst II jobs in United States
26 applicants

OnTrac · 5 hours ago

Information Security Risk Analyst II

Delivery · Packaging Services


Responsibilities

Conduct risk assessments, identifying threats, vulnerabilities and the associated business impact.
Assist in developing risk mitigation strategies and action plans, working with relevant stakeholders to ensure timely remediation of identified risks.
Monitor and report on key risk indicators (KRIs) and ensure alignment with the organization's risk appetite.
Conduct due diligence and risk assessments on third-party vendors to ensure they meet the organization’s compliance and security requirements.
Support the development of vendor risk management programs and provide recommendations to enhance third-party risk governance.
Coordinate and oversee penetration testing and remediation.
Review DevOps SAST and DAST testing and remediation results to enhance secure coding practices.
Prepare and maintain risk management reports, dashboards, and presentations for senior leadership.
Ensure accurate documentation of risk assessment findings and mitigation strategies.
Assist in the development and enforcement of governance frameworks, policies, and procedures in line with regulatory requirements (e.g., SOC 2 and US State data privacy regulations).
Collaborate with internal audit, legal, and compliance teams to ensure the organization’s governance, risk, and compliance posture is robust and up to date.
Assist in developing and maintaining incident response plans, ensuring incidents are properly documented, reported, and remediated.
Provide risk analysis support during security events and incidents.
Assist in developing and delivering training programs to increase awareness of risk management and compliance practices across the organization.
Provide guidance and support to business units on GRC-related topics and best practices.
Monitor compliance with various regulatory frameworks and internal policies.
Coordinate and assist in internal and external audits by collecting evidence, preparing audit reports, and tracking remediation activities.

Qualifications


Risk management frameworks, Governance, Compliance, Vulnerability management, Qualys, CISSP, CISM, CRISC, Linux operating systems, GRC frameworks, Data protection regulations, Vendor risk management, Third-party assessments, Incident response plans, Compliance monitoring

Required

Bachelor’s degree in Information Security, Cybersecurity Risk Management or a related field with 3+ years of experience in governance, risk and compliance or related fields (e.g., cybersecurity, internal audit, or IT governance).
5+ years of experience in governance, risk, and compliance or related fields (e.g., cybersecurity, internal audit, or IT governance).
Strong experience with Qualys (vulnerability management, compliance, and web application scanning)
Proficient in Linux operating systems
Understanding of IP Addressing and Subnetting for discovery purposes
Familiarity with GRC frameworks such as SOC 2, NIST Cybersecurity Framework, CIS Controls or similar standards.
Experience with vulnerability management tools, specifically Qualys tools and GRC platforms.
Understanding of IT security concepts, data protection regulations and compliance requirements (e.g., GDPR, CCPA/CPRA, PCI-DSS).
Strong analytical and problem-solving skills, with attention to detail.
Strong time management and prioritization skills
Self-starter with the ability and drive to take initiative
Excellent communication and interpersonal skills, with the ability to collaborate effectively across departments.
Ability to create clear, concise, and actionable reports and recommendations.

Preferred

Experience in Vulnerability Management.
Experience in vendor risk management and third-party assessments.
Experience in risk management within regulated industries and industry frameworks.
Knowledge and understanding of U.S. privacy regulations and data protection laws.

Benefits

Competitive individual and group benefits
Medical, Dental, and Vision insurance
Paid Time Off including Holiday pay
401(k) with company match
Safe and clean work environment

Company

OnTrac is the carrier of choice for last-mile e-commerce deliveries that helps retailers and shippers build a competitive advantage through faster delivery times, lower costs, coast-to-coast coverage, and reliable on-time performance.

Funding

Current Stage
Late Stage
Total Funding
unknown
2021-10-13: Acquired by LaserShip ($1.3B)

Leadership Team

Mike Duffy
Chief Executive Officer
Rob Humphrey
Chairman & Chief Executive Officer
Company data provided by crunchbase