Risk and Security Analyst
Location: Cambridge, Massachusetts 02142
Employment Type: Contract
Classification: 1 Year Contract to Start (Strong Likelihood of Extensions and/or Conversion to Permanent Full-Time Status)
Job Summary: Help operationalize our security (NIST) and compliance controls frameworks (SOX, GxP) to ensure the proper implementation of security controls across identified environments. This includes identifying gaps and compensating controls, helping IT control owners develop remediation plans, and developing and reporting metrics on results. This position reports to the Associate Director, IT Governance and Controls Team Lead.
- Provide professional and technical information assurance and security expertise to support the design, implementation and operation of enterprise governance, risk and compliance (GRC).
- Write policies and related supporting documentation, such as standards and procedures. Help develop processes to support GRC business needs using tools to automate these processes.
- Contribute to the enhancement/refinement of the Information Security Risks & Controls library. Assist IT System Owners and Control Owners in attestation and assurance processes.
- Assist with the development and implementation of controls in alignment with NIST standards, including implementation of Common Controls in the GRC tool and subsequent ongoing authorization and continuous monitoring.
- Bachelor’s degree in Computer Security / Science or Information Security; or equivalent experience required. Proven experience with control monitoring principles and practices.
- Certification credentials in fields associated with Information Technology, Information Technology Auditing, Information Security, Risk or other related studies preferred.
- A minimum of 5-7 years’ experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
- Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
- Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR).
- Direct experience in cybersecurity risk analysis and related security products/systems (ServiceNow GRC strongly preferred).
Ovrille is responsible for full lifecycle recruiting for JVT’s clients across several industry verticals. He supports the Contract Recruiting team, and specializes in identifying temp (contractual) and temp-to-perm resources for JVT’s clients.