DescriptionThe Cyber Security Risk Analyst II is responsible for ensuring information security best practices relating to issues such as: collaborate in the development of IT standards and policy for systems; conducting/coordinating information security risk assessment and analysis; establishing reasonable information security guidelines; assisting with monitoring and management of systems security vulnerabilities; conducting/coordinating information security audits (Assessment and Authorization processes) and oversight of the exception process, conduct information security reviews of third parties in the supply chain, assist in providing responses to questions from other departments and third parties about the Company’s security posture and controls.
What You Will Do:
- Perform risk analysis and intelligence information analysis to determine likely threats.
- Conduct information security risk assessments
- Conduct information security audits, including security controls assessments, Assessment and Authorization process, and oversee exception process. Audits and assessments will be against various information security standards, including NIST and ISO standards.
- Prepare and deliver presentations to management teams and user groups.
- Conduct information security reviews of third parties in the supply chain.
- Provide responses to questions from other departments and third parties regarding the company’s information security posture and controls.
- Assist in the design and support of internal cyber security education and awareness activities.
- Assist in the risk assessment and management of security vulnerabilities.
- Establishing reasonable security guidelines and measures to protect data and systems.
What You Will Need:
Education and Experience
- Bachelor’s Degree in Information Security or related field of study, or equivalent work experience.
- Minimum of seven (7) years of previous related work experience in IT operations and information security risk management
- IT Security Industry certification (SANS, ISC2, etc.)
Knowledge, Skills, and Abilities
- Compliant with Federal International Traffic and Arms Regulations (ITAR) requirements.
- Experience in Best Practices, Standards, and requirements from DFARS and NIST.
- Prior experience working in a global organization.
- Prior experience required in the Information Technology field of IT Security and/or Operation and IT Risk management.
- Clarity and conciseness in oral and written communications; demonstrated capability to produce effective presentations for delivery to both technical and non-technical audiences.
- Strong interpersonal skills to achieve process changes and departmental goals within a matrix organization; ability to communicate and work well with others at all levels of the corporation.
- Understanding of basic network concepts such as TCP/IP, subnetting, firewalls, and other network administration protocols.
- Understanding of typical IT systems operations, configurations, and management.
- Experience working with vulnerability and risk management processes.
- Experience using a GRC Tool.
- Knowledgeable of the C&A or A&A process.
- Ability to develop a working knowledge of ABS Rules, Guides, statutory regulations, and related instructions, as well as the ABS Employee Safety Policy.
Reporting Relationships:
Reports to Manager or Executive level position
Notice:
This position requires access to information that is subject to control by the Export Administration Regulations and/or the International Traffic in Arms Regulations. Any offer of employment shall be contingent upon the Company’s verification that the candidate is a “U.S. Person” or upon the receipt of all necessary export licenses or authorizations that may be required by U.S. export control laws. “U.S. Persons” are defined as U.S. citizens, U.S. lawful permanent residents (i.e., “green card” holders), or any individual granted protected status under the Immigration and Nationality Act (8 U.S.C. § 1324b(a)(3)), including asylees and refugees. In the event a candidate refuses or cannot otherwise provide the necessary information for the Company to determine whether such licenses may be required, or for the Company to obtain any required licenses, the Company shall maintain the exclusive right to discontinue the application process and/or withdraw any contingent offer that has been made.