Sr. Cyber Risk Analyst

$80,000 - $95,000/Yr

American Heart Association - Portland, OR

posted 7 months ago

Full-time - Mid Level
Portland, OR
11-50 employees
Religious, Grantmaking, Civic, Professional, and Similar Organizations

About the position

As we celebrate our Centennial year, we invite you to join us in shaping the next century of impact. Be a relentless force for a world of longer, healthier lives as we remain devoted to a future of health and hope for everyone, everywhere. At the American Heart Association, your contribution matters, and so does your career.

The American Heart Association has an excellent opportunity for a Sr. Cyber Risk Analyst in our National Center office located in Dallas, TX (home-based work available).

The Business Technology (BT) Sr. Cyber Risk Analyst is responsible for risk identification and management across the BT department and the overall American Heart Association organization. This position will support the BT Risk Manager in the management and administration of the Cyber/Risk Management program and Governance Risk and Compliance (GRC) processes and tools. The primary goal of the BT Risk Management team is to protect the confidentiality, integrity, and availability of American Heart Association's data. The Sr. Cyber Security Risk Analyst will partner with all appropriate parties, including but not limited to other departments, service providers, application service providers, and technology staff, to help ensure risks are managed appropriately to support the BT Risk Management needs of the American Heart Association.

The Association offers many resources to help you maintain work-life harmonization through your changing needs and life situations. To help you be successful, you will have access to Heart U, our award-winning corporate university, as well as additional training and support locally.

Responsibilities

  • Active participation in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP).
  • Develop quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.
  • Enhance Vendor Security Assessment process by collaborating with business and technology stakeholders.
  • Maintain security scorecards and metrics from vendors, corporate functions and affiliated offices.
  • Communicate technical issues to diverse audiences, with knowledge and/or experience in application and infrastructure security and public cloud.
  • Review and analyze statistics of network events and system performance to locate and recommend remediation and lead strategies for discovered vulnerabilities.
  • Assist and partner with the Affiliates on annual PCI Data Security Certification Process.
  • Support and administer the Governance Risk and Compliance (GRC) Tool surrounding data mapping, cookie consent, privacy consent, third-party risk management and overall risk management.
  • Act as point of contact to coordinate technical incident response.
  • Support incident response efforts and conduct post-incident analysis to identify areas for improvement.
  • Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.
  • Weigh business needs against security concerns and articulate issues and options to management.
  • Research and assess new threats and security alerts and recommend remedial action.
  • Ensure proper documentation of technology assessment results, and monitor remediation.
  • Deliver all documentation developed during task execution, with status of all work in progress.
  • Create Weekly and Monthly Status reports, including daily technical task reports, threat management reports, among others.
  • Support the Business Technology Disaster Recovery process.

Requirements

  • Bachelor's degree in Computer Sciences, Computer Engineering, Information Assurance, Information Security and/or Risk Management.
  • At least 6 years of experience in information security controls methods, processes and risk management best practices in a Global-International forum.
  • Proven experience in successfully implementing PCI DSS framework.
  • Strong technical information security knowledge to assess various information security and risk management processes and tools.
  • Experience with Security Controls frameworks (e.g. COBIT, ISO 27001, NIST, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g. GDPR, CPRA, CPA, etc.).
  • Able to work effectively in a fast-paced, multi-tasking environment with multiple projects and conflicting priorities.
  • Multi-level communications and interpersonal skills (including strong documentation skills).
  • Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff across IT and business.
  • Information Security Certification(s) preferred, which may include, but is not limited to: CEH, CISSP, PCI ISA, among others.

Nice-to-haves

  • Experience with cloud security practices and tools.
  • Familiarity with risk assessment methodologies.
  • Knowledge of incident response frameworks and best practices.

Benefits

  • Medical, dental, vision, disability, and life insurance coverage.
  • Robust retirement program that includes an employer match and automatic contribution.
  • Employee assistance program and wellness program.
  • Telemedicine and medical consultation services.
  • Paid Time Off (PTO) at a minimum of 16 days per year, increasing with seniority.
  • 12 paid holidays off each year.
  • Tuition Assistance for further education and career development.
© 2024 Teal Labs, Inc