122 applicants

Company

Original Job Post

MissionSquare Retirement · 2 days ago

Security Risk & Resilience Analyst

Washington, DC

Full-time

Hybrid

Mid Level

1+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Financial ServicesInsurance

Actively Hiring

Insider Connection @MissionSquare Retirement

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Assist with administration of disaster recovery (DR) plans for all divisions/departments to ensure that they are updated as appropriate and meet the mandatory requirements utilizing the Business Continuity Planning system used across the company to build and maintain the corporation's business continuity plans in a uniform format.

Assist in coordination of corporate DR exercise and conduct the yearly DR desktop simulation exercise with the Incident Management Team.

Assist with the ongoing review of new projects, ensuring resiliency is included in design, development, and execution phases.

Draft/update DR policies and procedures as necessary in conjunction with Sr. Manager, Business Continuity

Participate in reviews by Internal Audit, external audits and Compliance and assurance that any comments are addressed in a timely fashion.

Assist with documentation of technical disaster recovery infrastructures, strategies, and standards.

Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.

Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks. In tandem with security leadership, the analyst consistently assesses and validates the assurance of the security program.

Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Analyze findings, and document, recommend and report program gaps to security leadership.

Define metrics to assess the success of the security and associated continuity elements of the program and provide regular reports to security and business leadership.

Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

Administration and/or familiarity with network and host configurations, application security, cloud services, third-party risk management, and role-based access.

Other duties as assigned.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cyber risk managementSecurity analysisDisaster recoveryNISTISO 27001/2ITILRegulatory requirementsSOXHIPAAPCIGDPRGLBABusiness continuity planningInformation security practicesRisk mitigationHybrid data centerCloud-based environmentThird-party cyber securityVendor managementRisk managementControl frameworksMicrosoft ExcelMicrosoft WordMicrosoft PowerPointRTO/RPO requirementsSecurity controls analysisSecurity certificationCISSPDisaster Recovery Institute InternationalBusiness Continuity Institute

Required

BA/BS or equivalent experience

1 to 3 years’ experience in either Cyber Risk Management, Security Analyst role, and Disaster Recovery, and related activities, preferably for a financial services corporation

Ability to work in a fast-paced environment

Experience in one or more of the following: NIST, ISO 27001/2, or ITIL

Additional experience in and understanding of one or more of various regulatory requirements and laws, including but not limited to SOX, HIPAA, PCI, GDPR, and GLBA

Knowledge of industry Business Continuity Planning (BCP) standards, information security practices, and experience in implementing multiple risk mitigation approaches

Experience with DR in a hybrid data center and cloud-based environment

Strong understanding of disaster recovery and information security

Experience in evaluating third-party cyber security and vendor management

Experience in risk management and control frameworks

Strong computer skills, particularly Microsoft Excel, Word and PowerPoint

Strong Verbal and Written Communications Capabilities

Experience in leading successful negotiations with technology teams to achieve RTO/RPO Requirements

Organized, motivated, self-starter

Experience in analysis of security controls

Any Security Certification (Example: Security+ or CISSP), and/or professional certification from the Disaster Recovery Institute International (DRII) or The Business Continuity Institute (BCI) (e.g., Certified Business Continuity Professional – CBCP) and/or related certifications

Cloud certification in either Azure or AWS