Facebook pixel

Information Security Risk Management Analyst
Confirmed live in the last 24 hours
Locations
New York, NY, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Management
Communications
Requirements
  • Support the development, implementation and maturity of information security risk management program
  • Perform periodic risk assessments to identify and mitigate internal and external (i.e., vendors, partners) IT risks
  • Communicate, track and provide guidance on remediation activities of identified security and compliance gaps to internal (i.e., T2 business units, labels, studios) and external parties (i.e., vendors, partners)
  • Manage, update and report on documented and accepted risks
  • Perform periodic user access reviews
  • Support IT department and labels on internal and external information security audit requests (i.e., SOX, external compliance audits)
  • Develop, implement and maintain information security policies and standards
  • Provide guidance to labels and other IT departments on the development and implementation of standard operating procedures and guidelines
  • Support T2 Internal Audit department on all aspects of SOX Compliance and Enterprise Risk Management
  • Oversee the design, implementation and operation of an IT GRC solution
  • Support T2 and labels on development and implementation of GRC workflows to meet business objectives
  • Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting T2 and labels
  • Capture metrics that measure effectiveness of the overall information security program
  • Performs other duties as assigned
  • 2+ years of experience in IT risk management, IT governance, or internal controls
  • Bachelor's degree in Business Management, Risk Management, Computer Science, or equivalent job experience
  • Experience in supporting, analyzing with use of risk scoring, managing, communicating and acting as a primary resource for risk reviews (new and ongoing)
  • Experience with information security related work (e.g., implemented and/or conducted audits or assessments based on relevant security control frameworks), and have experience with security standards such as CIS, NIST CSF, or ISO 27001
  • Experience in conducting information security, vendor or cloud security risk assessments
  • Knowledge of Governance, Risk, and Compliance (GRC) and vendor risk management tools
  • Industry recognized certifications within the domains of information security (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.) are plus
  • Excellent verbal and written communication, planning, analysis and organizing skills
  • Ability to communicate security requirements in a simple, clear, and concise manner to various stakeholders
  • Strong project management skills with an ability to manage and report on multiple concurrent projects
Take Two
Game publisher