Information Security Analyst

What you'll do
− Perform due diligence assessments within the Vendor Management Program, including new engagements and ongoing monitoring of existing providers.
− Function as a technical consultant conducting security risk assessments for all IT environment, systems, products or services.
− As required assist and provide guidance to business stakeholders, project managers and solution architects through the lifecycle of a project related to project and business change.
− Act as a knowledge bridge between the business line and Information Security for identified 3rd party / Application risk findings, ensuring timely action for any risk assessment recommendations.
− Contribute to the development and enhancement of a standard due diligence assessment and framework based upon compliance with industry standards, global regulations and privacy laws for assessing third-party service providers.
− Receive, coordinate, manage, track, store, and provide accurate and well written responses to customer requests for information regarding the technical aspects of services and the system of controls protecting the confidentiality, integrity and/or availability of services.
− Create or update customer-facing information security documentation including product security, architecture brochures or data flow diagrams.

The Knowledge, Experience And Qualifications You Need
− Minimum 2 years of information security experience related to third-party risk
− Proven track record in risk identification and management
− Hands on experience with Security technologies.
− Experience reviewing IT and Security Architecture.
− Knowledge of IT Networking and Infrastructure.
− Knowledge of application security and secure coding practices.