Wednesday, September 02, 2015

IT Risk Management Jobs: Senior IT Risk Management Analyst, Sacramento, CA, Relocation Available

Senior IT Risk Management Analyst
Status: Newly Created Position
Compensation: $100,000+
Relocation: Some Relocation Provided
Location: Sacramento, CA

has been engaged to build an Information Security and IT Risk Management team. This role reports to an Information Systems Risk Management manager and contributes to the overall Information Systems Risk Management Program.
The Risk Management Analyst interacts with technical and business units to evaluate information systems in terms of risk to the organization and to recommend establishment of controls to mitigate loss of data and maintain confidentiality, integrity and availability. This position requires specialization in one or more areas of IT infrastructure, information systems, applications platforms, or processes for risk analysis in accordance with established regulations and organizational standards.

  • Conduct technology risk analysis for new IT products and services, third-party vendors and internal systems and processes.   
  • Evaluate and recommend controls to mitigate identified risks to acceptable levels based on the business’ appetite for risk.
  • Analyze customer requests for information (RFI) or proposals (RFP) related to the protection of information, IT compliance and technical support services and document responses.
  • Recommend, maintain and implement technology risk management frameworks, assessment methodologies and tools.
  • Provide assistance to IT Audit, Internal Audit, and other departments regarding IS Risk Management issues and controls, including reviews of assessments conducted by other organizations.
  • Provide subject matter expertise in support of contract negotiations related to the protection of information, IT compliance and technical support services requirements.
  • Approve redlines to Business Associate Agreement Security Addendum within established parameters.
  • Monitor risk notifications from vendors and assist with appropriate documentation and response.
  • Provide a leadership role in the recommendation, development, and implementation of Technology Risk Management programs as required to achieve compliance objectives.
  • Guide and mentor Information Security Analysts.
  • Monitor and guide security administrators and liaisons regarding their compliance to standards.

  • Must be a US Citizen who is eligible for government clearance. BA/BS in Computer Science or Information Security strongly preferred. Significant work experience may reduce or substitute for education requirement.
  • Must have a current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification.
  • Requires a minimum of five years of experience in Information Technology and/or networks where three of those years were invested into information security, risk management or IT audit related roles.
  • Excellent oral and written communication skills are required. Knowledge of laws and regulations impacting data protection and confidentiality, integrity and availability of systems including HIPAA, HITECH, Sarbanes-Oxley, and state regulations. Strong knowledge of recognized information security-related standards such as ISO, COBIT, and NIST.
  • Strong analytical, planning, creative problem-solving and multi-tasking skills.
  • Strong interpersonal skills to interface with internal and external parties in a professional manner that creates confidence in his/her subject matter expertise and helps foster resolution of risk and issues.
  • Knowledge of how technologies, processes and controls impact risk in both the information systems and corporate business environment and ability to translate security and operational controls into business risk.
  • Requires knowledge of information security, access controls, application and platform controls, data protection and cryptography, operations security, telecommunications, network and internet security, disaster recovery and physical security controls.
  • Ability to travel in support of onsite assessments.
