Information Security Risk Management Analyst
New York, NY, USA
Desired Skills
  • Support the development, implementation and maturity of the information security risk management program
  • Perform periodic risk assessments to identify and mitigate internal and external (i.e., vendors, partners) IT risks
  • Communicate, track and provide guidance on remediation activities of identified security and compliance gaps to internal (i.e., T2 business units, labels, studios) and external parties (i.e., vendors, partners)
  • Manage, update and report on documented and accepted risks
  • Perform periodic user access reviews
  • Support IT department and labels on internal and external information security audit requests (i.e., SOX, external compliance audits)
  • Develop, implement and maintain information security policies and standards
  • Provide guidance to labels and other IT departments on the development and implementation of standard operating procedures and guidelines
  • Support T2 Internal Audit department on all aspects of SOX Compliance and Enterprise Risk Management
  • Oversee the design, implementation and operation of an IT GRC solution
  • Support T2 and labels on development and implementation of GRC workflows to meet business objectives
  • Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting T2 and labels
  • Capture metrics that measure effectiveness of the overall information security program
  • Perform other duties as assigned
  • 2+ years of experience in IT risk management, IT governance, or internal controls
  • Bachelor's degree in Business Management, Risk Management, Computer Science, or equivalent job experience
  • Experience supporting, analyzing (using risk scoring), managing and communicating risk reviews (new and ongoing), and acting as a primary resource for them
  • Experience with information security related work (e.g., implemented and/or conducted audits or assessments based on relevant security control frameworks), and experience with security standards such as CIS, NIST CSF, or ISO 27001
  • Experience in conducting information security, vendor or cloud security risk assessments
  • Knowledge of Governance, Risk, and Compliance (GRC) and vendor risk management tools
  • Industry-recognized certifications within the domains of information security (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP) are a plus
  • Excellent verbal and written communication, planning, analysis and organizing skills
  • Ability to communicate security requirements in a simple, clear, and concise manner to various stakeholders
  • Strong project management skills with an ability to manage and report on multiple concurrent projects
Take Two
Game publisher