Jobs · Finance · Tennessee

Cybersecurity Risk Analyst

Creative Artists Agency · Nashville, TN · 1 wk ago
Finance$87k–$104k/yrFull-time

Responsibilities

  • Support a Technology Vendor Management program, ensuring technology risk reviews across multiple disciplines, and monitoring for renewals and savings opportunities
  • Participate in risk reviews of the IT control framework (NIST CSF, CIS, ITIL, ISO 270001, etc.)
  • Conduct thorough vendor, product and applications security assessments partnering with systems owners to integrate security early during the project lifecycle.
  • Partner with business groups to review workflows, producing output to enhance security processes in support of those workflows.
  • Coverage of core security integrations (SSO, Event Logs, Secrets, Alerting, Threat Model and Backup/Recovery) with applications developed in-house and externally/SaaS hosted environments.
  • Ensure the security considerations identified are implemented and the solutions are configured securely.
  • Coordinate with IRM leadership to develop and deliver key security metrics to ensure technical security controls are meeting desired objectives; ensuring the measurable effectiveness of CAA’s technical controls.

Qualifications

  • A minimum of 3-4 years in Information Technology
  • A minimum of 2 years’ experience in cybersecurity risk management
  • Strong analytical skills in conducting due diligence to identify, assess and prioritize vendor risks
  • Familiarity with information security frameworks (NIST, ISO27001), data privacy regulations (GDPR, CCPA), and information security certifications/attestations (SOC, ISO, PCIDSS, FedRAMP)
  • Experience in coordinating technical integrations for security tooling and processes.
  • Ability to review complex systems architectures to identify key security integration opportunities
  • Produce a comprehensive, written, security assessment of vendors security posture
  • Experience using security analytics tooling to produce operational metrics and dashboards
  • A strong understanding of the fundamental operations of servers, operating systems, cloud applications, and infrastructure

Preferred Qualifications

  • Core skills in Cybersecurity fundamentals and Third Party Risk Management
  • Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar GRC platforms.
  • Hands-on experience in Azure, AWS Cloud environments and familiarity with core Cloud services and Cloud architecture
  • Familiarity with core security concepts of Single Sign-on (e.g PingFed, SAML), Identity and Access Administration (Active Directory, Azure AD, AWS IAM), Event Management (Splunk)
  • Expert skills in using Microsoft Office suite, JIRA

Similar jobs