Risk and Security Analyst
Location: Cambridge, Massachusetts 02142
Employment Type: Contract
Contract Length: 6 months
Job Summary: Help operationalize our security (NIST) and compliance controls frameworks (SOX, GxP) to ensure the proper implementation of security controls across identified environments. This includes identifying gaps and compensating controls, helping IT control owners develop remediation plans, and developing and reporting metrics on results. This position reports to the Associate Director, IT Governance and Controls Team Lead.
- Provide professional and technical information assurance and security expertise to support the design, implementation and operation of enterprise governance, risk and compliance (GRC).
- Write policies and related supporting documentation, such as standards and procedures.
- Help develop processes to support GRC business needs, using tools to automate these processes.
- Contribute to the enhancement and refinement of the Information Security Risks & Controls library.
- Assist with the development and implementation of controls in alignment with NIST standards: assist in the implementation of Common Controls in the GRC tool and in subsequent ongoing authorization and continuous monitoring.
- Assist IT System Owners and Control Owners in attestation and assurance processes.
- Bachelor’s degree in Computer Security / Science or Information Security, or equivalent experience, required.
- Certification credentials in fields associated with Information Technology, Information Technology Auditing, Information Security, Risk or other related studies preferred.
- A minimum of 5-7 years’ experience in information security and/or risk management, especially in an information risk analysis, Enterprise Risk Management (ERM), and/or IT Audit role.
- Knowledge of quantitative and qualitative risk evaluation methods, including information security control frameworks such as NIST, ISO, and COBIT.
- Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11, GDPR).
- Direct experience in cybersecurity risk analysis and related security products/systems (ServiceNow GRC strongly preferred).
- Demonstrable knowledge of information security standards, data security practices and procedures, network security, application security, and database security.