Security Analyst (information security and vendor risk management)_ Atlanta, GA (W2 /Local)

Job Description

Security Analyst (information security and vendor risk management)

Contract/ Contract to Hire /Direct Client

Atlanta, GA

Quals-- Top 5 must have skillsets:

• Experienced security 3rd party risk analyst who knows general security practices.
• Conduct applicable due diligence to onboard new vendors into the vendor management system and set appropriate review requirements based on the vendor risk rating and program guidelines.
• Has worked with 3rd party tools on submitting and receiving security questionnaires, and the ability to assess the responses.
• Experience speaking with vendors to gain more insights.
• Ability to handle pressure and urgent requests.

Responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Work with management, development personnel, risk staff, auditors, facilities, and security department personnel to identify and implement security plans to ensure that all information assets are appropriately safeguarded, including the following:, software applications, hardware, telecommunications, and computer installations. Determine methods of implementing and enforcing security policies. Responsible for maintaining a high level of user trust and confidence in the group's knowledge of and concern for security of systems, while working on multiple network security projects. Essential Responsibilities*:

Lead development of information security technology tasks and projects.

Ability to communicate with all levels of management.

Generate, coordinate, and maintain of project plans.

Develops cost analysis estimates for information security tasks and projects.

Keep project plans updated as required.

Interact with customers as required by project objectives.

Understanding of business process as it relates to information security.

Define, redesign, and document security processes and procedures.

Coordinate the development and delivery of awareness for information security.

Work with resource owners to determine appropriate security policies for securable resources.

Consult with IT staff to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions.

Assist resource owners in understanding and responding to security failures/problems.

Assist in determining cause of security related events and identify potential security related events.

Communicate to appropriate personnel on normal and exception processing of security authorization requests and/or breaches.

Assist with documentation of security policies; maintain resource classification, may be required to present on security status, project status, and security training to management and IT personnel as needed.

Assist in proactively protecting the integrity, confidentiality, and availability of information in the custody of or processed by the company.

Consult with business units to ensure selection and use of realistic enforcement mechanisms.

Aid in review of security policies and auditing of logs.

Assist in developing and maintaining effective disaster recovery plans, processes, and procedures.

Assist inResearch, evaluate, design, test, recommend, and plan implementation of new or improved information security research, evaluate, design, test, recommend, and plan implementation of new or improved information security technology.

Train information owners in the implementation of necessary computer security controls.

*May perform other duties as assigned.

2-6 years experience required. What you need to succeed (minimum qualifications):

· 5 or more years of experience with information technology security programs, audits, controls and/or third-party risk management

· Ability to identify and assess IT security controls against Delta policies and standards and Federal/State Regulatory requirements and identify and communicate gaps

· Exceptional written and verbal communication skills

· Advanced computer skills including Microsoft Office suite and other business-related software programs

· Ability to effectively manage time and productivity with competing priorities in a rapidly changing, fast-paced, interactive, results-based team environment

· Proven analytical / problem solving skills and ability to work with cross-functional teams

· High School diploma, GED or High School Equivalency.

· Embraces diverse people, thinking and styles.

· Consistently makes safety and security, of self and others, the priority.

What will give you a competitive edge (preferred qualifications):

· Bachelor's Degree or 5 plus years of relevant experience in Computer Science, Mathematics, Engineering, Information Systems, Management Information Systems or Information Security

· Key industry certifications such as CISA, CISM, CISSP, CRISC, etc.

· Knowledge of industry standard frameworks such as NIST Cybersecurity Framework, ISO 27001, NIST 800-30, etc.

· Familiarity with third party information security attestations/certifications such as SOC I/II reports, ISO, PCI-DSS, SOX.

· Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments

· Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics

· Experience across IT domains such as application development, infrastructure, technical support and operations, cloud technologies and/or continuity of business

• · Experience with RSA Archer

Will wait for your response.

Vishnu Singh

Email : vishnu@datumtg.com

Phone : 470 451 0404