Information Security Analyst - Issue Remediation

Company: Vector Talent Resources, Inc.
Location: Vienna
Posted on: March 20, 2023

Job Description:

Location: 100% Remote
Client: Major Financial Institution ($160 Billion in Assets, 21,000 Employees)
Contract Duration : 6 months+
Benefits: Medical, Dental, Vision, PTO, and Paid Holiday
Pay: $80/hour

The Information Security-Issues Remediation (ISIR) Analyst will be experienced in reviewing issue/finding remediation plans and ensuring they are able to address the issues identified and if needed that those plans can be validated and are within an acceptable timeframe. The ISIR analyst should have prior issues/findings experience especially with remediation plans and validation of implementation, this could be from Internal Audit, Risk, or Regulatory experiences.

In addition to remediation experience, they should understand risk framework implementation, risk management, security control interpretation, control assessments, standards, and enterprise Governance, Risk and Compliance (GRC) tool operations (i.e., ServiceNow, Archer, Logic Manager). The ISIR Analyst will understand how information security standards apply to the business and be able to articulate need for controls.

The ISIR Analyst will be responsible for supporting the daily operations of reviewing remediation plans and conducting follow up activities. Researching issues, facilitating meetings, and aiding the business to ensure the comprehensiveness and detail of their exception remediation plans and progress on their timelines until closure. Evaluate exception issue remediation plans as they come up for re-review/renewal/expiration.

Responsibilities

• 
  
• Review remediation plans to ensure they are actionable, timely, and can be validated to ensure remediation of the issues identified
  
• Set up meetings with stakeholders within IT and across the credit union to assess and discuss progress of remediation plans and document accordingly in the system
  
• Perform work withing Logic Manager, Archer and Service Now
  
• The analyst may also be asked to assist as needed with the following other duties of the team:
  
• Assess exceptions requests and ensure the completeness and accuracy of the submission to allow for evaluation by management.
  
• Leverage various communications channels and conduct meetings to obtain required information.
  
• Support the Data Transfer Authorization (DTA) process
  
• Work within the Archer platform
  
• Support metrics and reporting around Exceptions and DTA processes.
  
• Seek out and share opportunities to introduce process efficiencies.
  
• Support migrating processes to being managed and facilitated through ServiceNow GRC platform.
  
• Aid the business units in understanding and acting on Standards, including support and review of procedures, hardening standards, and directives.
  
• Keep current with Information Security best practices and industry trends and communicate/apply these practices to policy improvements and compliance actions.
  
• Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes, and technology; communicate information to team members as appropriate.
  
  Qualifications
  
  
  • 
    
  • Experience in Internal Audit, Risk, or Regulatory with a focus on finding/issue remediation
    
  • Issue/Finding remediation tracking and validation
    
  • Experience in the credit union/financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activities
    
  • Experience in information security processes, concepts, principles, and methodologies
    
  • Experience in audit and information security risk assessments
    
  • Knowledge of applicable federal and state laws, rules, and regulations (i.e., Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO)
    
  • Knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series), ISO 27001/27002, SANS/CIS 20, PCI DSS, and other Information Security requirements and frameworks
    
  • Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack pathologies
    
  • Effective planning and organizational skills
    
  • Effective research, analytical and problem-solving skills
    
  • Strong verbal, written and interpersonal communication skills, including technical writing
    
  • Bachelor's Degree in business, information systems or related field or equivalent work/military experience
    
  • CISSP, CISA, CCSP, CRISC or other Information Security certifications
    
  • Ability to present findings and conclusions clearly and concisely
    
  • Experience in working with all levels of staff, management, stakeholders, and third parties
    
  • Ability to build effective relationships through rapport, trust, diplomacy, and tact
    
  • Strong word processing and spreadsheet software skills
    
    
    
    
    
    Remains cognizant of and adheres to the client's (Financial Institution) policies, procedures and regulations pertaining to the Bank Secrecy Act.
    
    
    
    
    
    
    Vector Talent Resources is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age or genetic information.

Keywords: Vector Talent Resources, Inc., Washington DC , Information Security Analyst - Issue Remediation, Professions , Vienna, DC