SacramentoRecruiter Since 2001
the smart solution for Sacramento jobs

Sr Information Security Risk Analyst

Company: The Judge Group
Location: Sacramento
Posted on: August 5, 2022

Job Description:

Location: Sacramento, CA
Salary: Competitive
Description: The Judge Group has partnered with one of the largest financial services companies in CA to find a Sr. Information Security Risk Analyst for their headquarters office in the Sacramento area. This is a direct-hire, full-time position that offers great salary, annual bonus, full benefits, and includes a hybrid/remote option.
Qualified candidates can email their resumes directly to for faster consideration

GENERAL DESCRIPTION

The Senior Information Security Risk Analyst focuses on ensuring sound implementation of systems and processes aimed at effectively securing the organization's information, infrastructure and member non-public financial data. It involves overseeing information security risk management functions, including information security risk assessments, vendor assessments, and executive reporting functions. The Senior Information Security Risk Analyst will also help internal teams with identifying a viable corrective action plan that aligns with the company's risk appetite. As the subject matter expert, provides internal security consultancy, as well as analyzes, supports and assists in resolving system security issues and concerns to Company's internal and external business environments, and others.

WHAT YOU WILL DO:

  • Leads information security risk assessments utilizing the Credit Union's risk scoring methodology. The candidate must be able to communicate and quantify risk using threat, likelihood and the impact to the Credit Union's business operations and member experience.
  • Create periodic executive management reports which depict the Credit Union's current information security risk landscape.
  • Enhance company's Governance, Risk, and Compliance (GRC) platform to align the system with the operational risk management tasks within the organization. Create information security risk management dashboards with consumable metrics.
  • Leverage the organization's GRC platform to manage ongoing as well as one-time risk assessments.
  • Lead the information security review of potential vendors to identify control weaknesses which could pose a risk to the Credit Union and its members.
  • Lead, conduct and document annual vendor information security risk assessments for currently approved vendors.
  • Document observations from risk assessment following company policies and practices.
  • Work with IT and business partners to recommend appropriate defenses with countermeasures, remediation, policy, and process improvement recommendations to the Credit Union's security and risk posture.
  • Provide consultative support as a security subject matter expert on company projects and initiatives.
  • Define and evaluate functional requirements and specifications of security systems for both internal and external business environments.
  • Monitor, measure, test and report on the effectiveness and efficiency of information security controls as well as compliance with information security policies and procedures.
  • Keep management updated on outstanding issues that are not resolved in a timely manner in accordance with established escalation procedures.
  • Act as the primary point of contact for internal and external auditors during examinations providing support and assistance in addressing audit recommendations.
  • Maintains a thorough understanding of state and federal laws and regulations related to credit union compliance, including bank secrecy and anti-money laundering laws appropriate to the position.
  • Performs other job-related duties as necessary.

WHAT YOU MUST HAVE:

  • Bachelor's in Business Administration, Management Information Systems, Information Security Information Assurance or equivalent work experience.
  • 5+ years of hands-on experience in information security risk management disciplines, including information security risk assessments.
  • At least 3 years' experience in organizational information security, information assurance or providing security consulting services, preferably within a financial institution.
  • Working knowledge of GRC platforms.
  • Knowledge of information security principles, objectives, and security system standards including but not limited to: network topology threats, vulnerabilities, segmentation, filtering, tunneling, authenticating, access control, cryptography, system and network hardening.
  • Experience with risk assessment methodologies, risk appetites, and effective quantitative and qualitative risk communication methodologies as well as threat modeling.
  • Demonstrates knowledge of business, network systems, hardware concepts, and applications including: DNS, LDAP, virtualization, Database design/hardening, E-mail/secure messaging, Data Loss Prevention, and end point protection.
  • Strong sense of ethics, integrity, and professionalism.
  • Demonstrates the ability to articulate methodologies and concepts; communicate effectively in providing technical guidance and expertise to management and other staff.

LICENSES/CERTIFICATIONS

One of the following active security certifications: CISSP, CISM, CISA, CRISC, CEH, SSCP, SANS GIAC, or equivalent. Possession of a valid California Driver's License is required.

Contact: This job and many more are available through The Judge Group. Find us on the web at

Keywords: The Judge Group, Sacramento, Sr Information Security Risk Analyst, Professions, Sacramento, California
