
Risk Management & Compliance Analyst in Austin, TX at CLEAResult

Date Posted: 9/30/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Austin, TX
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    9/30/2018

Job Description


Job Description Summary

Responsible for understanding and promoting compliance with contracts, IT controls, relevant laws, regulations, industry security standards and frameworks. Assists with collection and analysis of risk data, recommending mitigating actions, and leading risk mitigation projects as assigned. Conducts research on current and emerging requirements related to regulations, laws, and rules affecting the business, and assists with the risk assessment process and control standards.

Job Description

Principal Duties:

  • Adhere to a schedule of required governance, risk, compliance and audit tasks and activities
  • Monitor appropriate sources for new vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities
  • Monitor organizational initiatives to ensure they adhere to risk and compliance requirements
  • Maintain expertise in identifying security risks in the IT systems used by the organization
  • Assist with review of business policies and procedures, provide guidance to ensure effectiveness, ensure procedures are aligned with Information Security Policies
  • Attend various compliance and business unit meetings; participate in committees as appropriate
  • Evaluate the design and effectiveness of operational risk internal controls across the organization to ensure risk levels are within thresholds and limits.
  • Maintain process flows, and heat maps identifying gaps, remediation plans and target SLAs
  • Implement a risk exception process, grant temporary exceptions, follow up on expiring exceptions 
  • Assist in the monitoring and surveillance of external vendors and third-party relationships 
  • Perform risk assessments and due-diligence evaluations for new and existing vendors
  • Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines tailored to meet the requirements of the organization
  • Contribute to the continued development of internal control awareness in the organization
  • Work with stakeholders to develop enhancements to organizational controls
  • Escalate promptly to appropriate team members and senior management any material breaches of applicable laws, rules, policies, tolerances, appetite, standards, SLAs, etc.
  • Gather and analyze data to support compliance and risk scenario development activities
  • Participate in appropriate opportunities for continuing education, seminars, organizations, etc.

Additional Job Description

Successful applicants must have:

  • Bachelor’s degree in Computer Science, Business Administration, or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred
  • Industry certification preferred (e.g., CISA, CISM, CISSP, CRISC, GSNA, GLEG, etc.)
  • 2+ years of experience with information technology security programs, audits, controls, assessments, risk assessments, or remediation management
  • Familiarity with privacy laws, data protection/security regulations, and frameworks, such as AICPA SOC2, NIST 800 series, PCI DSS, and ISO 27001
  • Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities
  • Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles
  • Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
  • Strong analytical skills to analyze risks, evaluate controls, and internal control frameworks, as well as to perform risk assessments and evaluations of vendor and third-party relationships
  • Excellent interpersonal and organizational skills; ability to analyze situations, respond independently, prioritize to meet deadlines, work under pressure, and be a team player while maintaining a positive attitude
  • Excellent communication, listening and facilitation skills
  • A willingness to mentor and guide fellow team members kindly and constructively
  • A desire to share knowledge and teach others

It would really be outstanding if you have:

  • MS in Computer Science or related technical field
  • Experience using or implementing an eGRC platform (e.g. RSA Archer)
  • Experience developing security and risk performance metrics and reporting dashboards for executive, business and technical audiences

Equal Opportunity Employer                       

As an Equal Opportunity Employer, we are committed to ensuring equal employment opportunities for all job applicants and employees. Employment decisions are based upon job-related reasons regardless of an applicant’s race, color, religion, national origin, marital status, age, disability, protected veteran status, sexual orientation or any other protected status. 
 

The above job description and job requirements are not intended to be all inclusive. CLEAResult retains the right to make changes or adjustments to job descriptions and/or job requirements at any time without notice.

© Copyright 2013 CLEAResult.   All rights reserved.   


