Jobs · Information Technology · Delaware

Senior Information Security Analyst

CSC · Wilmington, DE · 1 wk ago
HybridInformation TechnologyFull-time

About the role

The Information Technology Risk Oversight (ITRO) function, within CSC Legal, Risk & Compliance Global Shared Services, is seeking to expand its dynamic second-line IT risk oversight team with the addition of a Senior Information Security Analyst. This role is a key component of the broader Risk Management and Governance frameworks and will play a pivotal part in the continued maturation and embedding of the Enterprise Risk Management (ERM) framework. The position will focus on the oversight and management of current and emerging risks across Technology, Data, Cyber, and Artificial Intelligence (AI).

Responsibilities

  • Promote good risk management practices and governance across the organization in line with CSC Enterprise Risk management Framework (ERMF). This includes close cooperation with Enterprise Security and Business Unit technology teams.
  • Ensure enterprise risk management requirements are incorporated into enterprise and product governance forums and provide independent challenge to technology and business leaders on risk posture.
  • Provide risk advisory for new product launches, technology and AI adoptions and vendor integrations
  • Support and guide risk and control owners during initial control design of in-house and third party applications and emerging technologies including AI
  • Support and drive compliance with regulatory expectations
  • Provide 1st line teams with the necessary tools (policy, standards, templates, advice and guidance) to embed a structured, consistent way of risk identification, evaluation, monitoring and reporting across Cyber Security, Technology, Data and AI risk taxonomies
  • Participate and/or facilitate IT & cyber risk assessments and deep dives across key systems and applications including third party systems and SaaS solutions
  • Partner with Enterprise Security and BU Technology teams to ensure risks are properly recorded, tracked and remediated in CSC global GRC tool
  • Participate and drive the development of risk action and mitigation plans including root cause analysis
  • Promote and support the development of appropriate control frameworks to ensure Cyber security, Technology, Data and AI risks are managed responsibly
  • Drive firm-wide risk policy enhancements, consistent distribution of the policies, oversight of policy implementation and procedure/standard alignment
  • Ongoing assessment and recalibration of the global risk appetite across business units, shared services and locations across CSC
  • Targeted and thematic risk management deep dives
  • Undertake planned second line risk assessments, application control reviews and third party risk management
  • Assist with Executive and Board level risk reporting on Information Security and Technology themes

Requirements

  • Critical thinking, with a willingness to learn, grow, and challenge status quo.
  • Self-starter with proven track record on managing demands.
  • Minimum of 7 years’ experience in Information Security and/or Technology Risk management within financial services ideally within regulated environments.
  • Relevant certification(s) e.g. CISSP, CISM, CRISC or CISA
  • Deep experience or equivalent experience in technology risk management, information security and cyber with a focus on risk identification, assessment and mitigation
  • Experience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defense model
  • Knowledge of Operational resilience regulations and guidelines including DORA
  • Hands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution with good written and communication skills to all levels of management
  • Experience in using and implementing solutions with AI tools such as Claude Code / Github Copilot is an advantage
  • Data management and governance experience ideal but not essential, however an interest to grow personally as the company matures
  • Results orientated. A self-starter with a commitment to challenge the status quo and help drive the risk management agenda forward in partnership with colleagues across all lines of defense
  • Stakeholder management. The successful candidate will have excellent interpersonal skills and the ability to communicate well at all levels of the organization

Qualifications

  • Relevant degree in Information Technology, Computer Science, or a related field.
  • Proven experience in Information Security and/or Technology Risk management within financial services.
  • Proven track record in managing demands and promoting good risk management practices.
  • Relevant certifications such as CISSP, CISM, CRISC or CISA.
  • Experience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defense model.
  • Knowledge of Operational resilience regulations and guidelines including DORA.
  • Hands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution.
  • Experience in using and implementing solutions with AI tools such as Claude Code / Github Copilot.
  • Excellent interpersonal skills and the ability to communicate well at all levels of the organization.

Skills

  • Subject matter expertise in InfoSec and Cyber risk
  • Ability to handle a variety of Tech/Cyber assurance projects across various domains
  • Experience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defense model
  • Knowledge of Operational resilience regulations and guidelines including DORA
  • Hands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution
  • Experience in using and implementing solutions with AI tools such as Claude Code / Github Copilot
  • Excellent written and communication skills to all levels of management

Benefits

At CSC, we offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging.

Pay

Competitive compensation package including annual success-sharing bonuses or commission plans based on individual performance.

Schedule

Remote work schedule is available in alignment with local regulations.

Contact

To learn more about CSC and our commitment to our clients, communities, and each other, visit cscglobal.com/service/careers.

Similar jobs