Senior Cyber Risk Analyst
TEKsystems
$50.00 - $65.00 / hr
life insurance, sick time, 401(k), retirement plan
United States, Texas, Houston
Jan 17, 2025
*Brief Job Description*
The Information Security Cyber Risk Analyst performs security risk assessments of third parties and their solutions to ensure that they meet the information security standards adhered to by the client. The security risk assessment is documented in a report that includes an overview of the vendor, technical description of the solution, risks that have been identified, and how they will be addressed. This same individual will have another task surrounding account validation.

*Top Skills' Details*
1. Third Party Risk Management / Risk Assessments of 3rd party applications (GRC tools - Working understanding of security concepts and tools (LogicGate/Archer/ServiceNow GRC) used to detect or prevent potential threats, including controls related to Identity and Access Management, Data Security, Network Security, and Endpoint Protection.) Working understanding of risk management frameworks, methodologies, and their application.
2. Data Analysis - Working knowledge of SailPoint and Active Directory to pull data into Excel for further validation. This individual will help with UAR (User Access Reviews) / identifying stale/duplicate accounts.
3. Communication - This person will be the first line of defense for the organization and will be representing Cybersecurity in the face of both internal stakeholders and external vendors. Will interact with the CISO of the company as well as Cybersecurity Directors.
4. Local to Houston. Although a fully remote position, the CISO has directed this team to prioritize local talent.

*Why is the position open*
They are adding to the team and hoping this individual can also perform UARs.

*Work Environment*
This position is 100% remote. These consultants would be part of a 4-person team, including a team lead, and they report to the director of Cyber Risk and IAM. They prefer camera on when in meetings virtually.

*Employee Value Proposition (EVP)*
The healthcare client's Risk & Security team, although remote, interacts with each other and has a great culture. The hospital system is located in the largest medical center in the world and they have large multi-million-dollar projects in the pipeline. The security team has a weekly touchpoint with the CISO, so this position has C-level visibility. The client is looking to convert this role to FTE.

*Business Drivers/Customer Impact*
This GRC/Risk Analyst meets with internal stakeholders and 3rd party vendors to ensure all security controls are being met when implementing new applications and technologies. They will also be validating accounts through Active Directory post migration from Cerner to Epic. Any duplicate accounts will be identified and taken care of.

*Description*
*Client is prioritizing local candidates in Houston, Texas.*

The healthcare client's Information Security Cyber Risk Analyst performs security risk assessments of third parties and their solutions to ensure that they meet the information security standards adhered to by MH. The security risk assessment is documented in a report that includes an overview of the vendor, technical description of the solution, risks that have been identified, and how they will be addressed. The final report is approved by Cyber Risk leadership and presented to all stakeholders to communicate the risk level to the organization.

Late last year the organization successfully migrated to Epic. They are at about a 7/10 risk maturity level. Governance/policy has been set up to effectively categorize risk. Compliance is what they are looking to improve by automating, implementing, and validating more controls, starting within the identity/access controls layer. They have multiple identity (Active Directory) accounts they are looking to consolidate post Epic migration. Account provisioning for Epic was done via SailPoint.

This Risk Analyst will:
* Perform Active Directory querying to verify attributes and enter information into CSV/Excel for further validation. (Conduct UARs, also known as User Access Reviews or IAM Certifications.)

Responsibilities/Duties
* Collaborates with stakeholders to understand the scope of a project, its supporting architecture, data, and user workflows.
* Produces, presents, and publishes security risk assessment reports.
* Identifies risks, their likelihood, impact, and the overall risk level to the organization.
* Identifies potential controls to address or reduce risk to the organization.
* Tracks and monitors identified risks until they are addressed with agreed upon risk treatment.
* Participates in knowledge sharing and peer review to support the Cyber Risk team.
* Provides guidance regarding Information Security policies, procedures, and standards.
* Maintains education and knowledge of developing IT technology, security best practices, and current events in the information security sector.

*Skills*
third party risk, risk assessment, active directory, cyber risk, user access reviews, cissp, cism, cisa, cyber security, risk management, nist, hipaa, Security controls, sailpoint

*Top Skills Details*
third party risk, risk assessment, active directory, cyber risk, user access reviews

*Additional Skills & Qualifications*
* SailPoint (foundational knowledge, understanding how account provisioning works)
* Ability to perform critical analysis of existing and emerging solutions
* Excellent writing skills for composing and publishing professional, well-written reports.
* Technical background that allows for the operational understanding and analysis of varying types of solution architectures, including on-premise, cloud, and hybrid environments.
* Ability to effectively manage multiple concurrent tasks for both prioritization and time allocation.
* Familiarity with current information security standards, certifications, and regulations.

Qualifications/Certifications
* Bachelor's degree or equivalent work experience
* 3+ years of experience in information security related field
* 3+ years of experience in information technology
* Information Security Certifications (CISSP, CISM, CISA, CRISC)

*Experience Level*
Expert Level

*Pay and Benefits*
The pay range for this position is $50.00 - $65.00

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
* Medical, dental & vision
* Critical Illness, Accident, and Hospital
* 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
* Life Insurance (Voluntary Life & AD&D for the employee and dependents)
* Short and long-term disability
* Health Spending Account (HSA)
* Transportation benefits
* Employee Assistance Program
* Time Off/Leave (PTO, Vacation or Sick Leave)

*Workplace Type*
This is a fully remote position.

*Application Deadline*
This position will be accepting applications until Jan 30, 2025.

About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.