Conduct Information Risk Assessments as assigned to the team. Request and analyze the documentation needed to perform each assessment, and conduct interviews as needed to collect and review the materials required to produce the assessment results.
Clearly and concisely document risk assessment results and communicate them to the requestor, security architects and management, as appropriate.
Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc.
Understand and contribute to inventory of risk register tracking, scoring and associated risk statements.
Perform follow-up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities.
Communicate risk treatment methodology (risk avoidance, risk acceptance, risk transference and risk mitigation) to appropriate groups.
3 – 5 years’ experience in Information Security and/or Information Risk Management and/or Information Technology
1 – 3 years’ experience within Information Security Governance, Risk and/or Compliance functions and activities
1 – 3 years’ experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
HITRUST and SOC2 experience preferred.