Sr. Information Security Risk Analyst

1176328
  • Job type: Contract
  • Location: Richmond
  • Profession: Other/tbc
  • Industry: Technology & Internet Services
  • Pay: $110.00 - $120.00/hr.

Sr. Information Security Risk Analyst – Contract or CTP – Richmond, VA – $110.00 - $120.00/hr.

The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate’s/applicant’s qualifications, skills, and level of experience as well as the geographical location of the position.

Applicants must be legally authorized to work in the United States. Sponsorship not available.

Our client is seeking a Sr. Information Security Risk Analyst in Richmond, VA.

Role Description

The Senior Information Security Risk Analyst will lead specific information security risk management related activities that protect the company and its clients while complying with applicable regulations and company policies. The Senior Information Security Risk Analyst provides subject matter expertise and leadership to improve the organization’s security policies and security risk management processes by establishing a framework of controls so that the company can manage risk, meet regulatory compliance and maintain governance over all aspects of IT. The Senior Information Security Risk Analyst will have responsibilities to ensure that the company identifies risks and treats them in a timely manner while reporting the current level of exposure to known threats. The role includes implementation and maintenance of policies, as well as training and awareness plus vendor risk management responsibilities. The position requires experience of information security risk management in a regulated environment using industry standard risk and control frameworks. This role will work closely with Enterprise Risk Management (ERM) leaders.

• Lead all audit prep and response across InfoSec and IT. Coordinate response to Internal Audit document requests, stage content and conduct reviews for completeness.
• Support Controls, Policy, Standards and Procedures maturity program for InfoSec and IT to meet mandatory FFIEC, SOX requirements and a threat/risk-based controls program buildout.
• Perform security risk analysis with the goal of identifying risk and elevating the company’s security posture.
• Serve as a subject matter expert and trusted advisor as part of establishing relationships to support risk-based decision making across business, IT and the broader stakeholder community.
• Contribute to Information Security reports for Technology and Third-Party Risk Committee (TTRC), Cybersecurity Working Group (CSWG), and Operational Risk Committee as necessary.
• Lead efforts to track and remediate risks when those risks are determined to pose a threat to safety, soundness, or reputation. Track risks and issues and ensure their on-schedule remediation in alignment with the ERM issues management process.
• Establish and maintain processes for managing security-related audits, control assessments, compliance checks and external assessments across Business, IT and Information Security. Ensure timely and complete responses to evidence requests and compile management responses and remediation plans as needed.
• Emphasize the application of privacy, security, business resiliency and compliance frameworks including but not limited to, FFIEC (Federal Financial Institutions Examination Council), Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act (GLBA), Service Organization Controls (SOC) 2, PCI-DSS, and ITIL V3/4 processes.
• Support the cyber training and awareness program, Cyber Tabletop exercises, Red Team Exercises, and penetration testing, and ensure all findings are addressed in a timely manner via the risk issue management process.

Skills & Requirements

• Between 6 and 10 years’ experience in one or more information security roles, including security risk analysis and control design, compliance and risk management, security control process assurance or audit of technology controls.
• Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s degree in a related field is an advantage.
• Professional security risk management certification is required, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
• Proven experience configuring, managing, and optimizing RSA Archer solutions, with a strong understanding of GRC frameworks and integration of risk data across multiple business units.
• Proficient in GRC platforms including RSA Archer, ServiceNow, and other risk management tools. Experienced in automating workflows, building dashboards, and supporting enterprise risk and compliance programs.
• Demonstrated deep background (preferred 4+ years) in risk treatment, controls selection and information security controls process design.
• Demonstrated knowledge of IT infrastructure, cloud (SaaS, IaaS) and application security technology and related controls and products is required.
• Demonstrated experience with security processes and technology solutions that align with controls for FFIEC, SOX Section 404, ISO 27001/2, Center for Internet Security (CIS) Critical Security Controls (CSC), or National Institute of Standards and Technology (NIST) 800-53 guidelines is preferred.
• Experience applying the FFIEC Cybersecurity Assessment Tool (CAT) in a banking environment is preferred.
independently.
• High level of personal integrity, high degree of initiative, dependability and ability to work with limited supervision.

Benefits/Other Compensation

This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).

Why Hays?

You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.

Nervous about an upcoming interview? Unsure how to write a new resume?

Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.

Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays’ guiding principles is ‘do the right thing’.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.

In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570.

Drug testing may be required; please contact a recruiter for more information.
