Cybersecurity Risk Analyst
Creative Artists Agency · Nashville, TN · 1 wk ago
Finance$87k–$104k/yrFull-time
Responsibilities
- Support a Technology Vendor Management program, ensuring technology risk reviews across multiple disciplines, and monitoring for renewals and savings opportunities
- Participate in risk reviews of the IT control framework (NIST CSF, CIS, ITIL, ISO 270001, etc.)
- Conduct thorough vendor, product and applications security assessments partnering with systems owners to integrate security early during the project lifecycle.
- Partner with business groups to review workflows, producing output to enhance security processes in support of those workflows.
- Coverage of core security integrations (SSO, Event Logs, Secrets, Alerting, Threat Model and Backup/Recovery) with applications developed in-house and externally/SaaS hosted environments.
- Ensure the security considerations identified are implemented and the solutions are configured securely.
- Coordinate with IRM leadership to develop and deliver key security metrics to ensure technical security controls are meeting desired objectives; ensuring the measurable effectiveness of CAA’s technical controls.
Qualifications
- A minimum of 3-4 years in Information Technology
- A minimum of 2 years’ experience in cybersecurity risk management
- Strong analytical skills in conducting due diligence to identify, assess and prioritize vendor risks
- Familiarity with information security frameworks (NIST, ISO27001), data privacy regulations (GDPR, CCPA), and information security certifications/attestations (SOC, ISO, PCIDSS, FedRAMP)
- Experience in coordinating technical integrations for security tooling and processes.
- Ability to review complex systems architectures to identify key security integration opportunities
- Produce a comprehensive, written, security assessment of vendors security posture
- Experience using security analytics tooling to produce operational metrics and dashboards
- A strong understanding of the fundamental operations of servers, operating systems, cloud applications, and infrastructure
Preferred Qualifications
- Core skills in Cybersecurity fundamentals and Third Party Risk Management
- Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar GRC platforms.
- Hands-on experience in Azure, AWS Cloud environments and familiarity with core Cloud services and Cloud architecture
- Familiarity with core security concepts of Single Sign-on (e.g PingFed, SAML), Identity and Access Administration (Active Directory, Azure AD, AWS IAM), Event Management (Splunk)
- Expert skills in using Microsoft Office suite, JIRA