Please feel free to refer this position to other groups and people you know.

Position Title – WR741661032015

Sr. Systems Analyst (Risk Analyst) – Information Security – Inv. Mgt. - Marlboro, MA Area – Excellent Package

Excellent Compensation Package – Base + Bonus + PS – Local Candidates Only – Green Card or US Citizen Required

Company

Large, successful, and growing Boston based Investment Management Firm – Great Company – Lots of Upside – Outstanding Compensation Package – Bonus – Profit Sharing etc. Join a team oriented, collaborative, results focused environment and become part of an elite organization with great growth possibilities.

Position Summary:

Information Security is expanding the Risk Management team and is looking for a highly motivated Risk Analyst to be a key contributor to all aspects of the Risk Management program. This individual will have responsibilities in the areas of information security risk assessments (for internal projects as well as third party vendors), establishing and supporting control frameworks for use throughout the firm, working with the GRC toolset in support of established controls, as well as working with clients, auditors, vendors, and internal groups to assess, report on and present on risks.

Responsibilities:

· Help identify appropriate control standard and assessment frameworks.

· Assist in implementation of Enterprise Governance, Risk and Compliance (eGRC) tool to support the Risk Management program.

· Coordinate business-level information security risk assessments for key information assets.

· Help to identify and track mitigation actions intended to reduce identified risks, as well as tracking and reporting on changes in key risk indicators.

· Work with the vendor management team to perform thorough technical and policy-based information security risk assessments of key third party vendors.

· Work with internal application, infrastructure, and architecture teams to assess the information security risk of existing technology, infrastructure and processes as well as proposed projects.

· Assist with Information Security Awareness programs delivered firm wide as well as tailored to specific groups.

· Assist with information security risk aspects of internal audits.

Required Skills and Competencies:

· 5+ years’ experience in the area of Information Security Risk Analysis.

· Proven experience using Governance, Risk & Compliance (GRC) framework, and experience working with enterprise GRC platform tools to understand, evaluate, and quantify risk.

· Experience with Vendor Management Programs, performing risk assessments of third party service providers/vendors based on ISO27001 and SIG, review of SSAE16, etc.

· Experience and knowledge of control standards and evaluation frameworks such as ISO27001, NIST Cybersecurity Framework, etc.

· Experience performing technical risk assessments for internal projects, working closely with the architecture team.

· Significant breath of technical experience and critical analysis skills sufficient to perform detailed risk analysis on a variety of technologies and use cases.

· Past experience working with auditors to prepare SSAE16 or similar reports.

· Experience responding to client RFPs, and meeting with clients to review information security posture.

· Excellent verbal and written communication skills and presentation skills.

· Bachelor’s Degree in Computer Science or related discipline

Keys to this Position:

1) We are seeking 5 plus years of experience with Security Risk assessments. The Security Risk assessment will affect both external vendor’s and internal projects so experience in both areas are highly desired.

2) Governance Risk and Compliance tool experience (such as Archer and Agiliance) are desired. Archer would be the more desired tool.

3) The role is based in Marlborough but there is weekly travel to Boston (1 to 2 days/week) so the candidate must be flexible to go to both locations.