Salary
💰 $100,000 - $155,000 per year
Tech Stack
Cloud, Cyber Security, ServiceNow
About the role
- Develop and maintain risk controls and mitigation strategies, create and update risk management documentation and policies, collaborate with stakeholders to evaluate and address security risks, and monitor and report on risk metrics and KPIs
- Conduct comprehensive risk assessments to evaluate, rate, and prioritize risks based on potential impact and likelihood of exploitation
- Triage, process, and resolve security issues and requests for exceptions, engaging with various stakeholders such as owners, subject matter experts, and compliance specialists
- Generate detailed reports and dashboards that show risk exposure resulting from risk assessments, issues, and exceptions, and analyze the data to identify root causes, risks, and trends
- Collaborate with cross-functional teams to understand and address risk and resolve identified issues, lead investigations, and communicate technical risks and findings to non-technical stakeholders
- Identify opportunities to streamline and optimize risk assessments, automate manual processes, and maintain comprehensive documentation
- Create risk assessment processes and functionality in our GRC tool and perform security risk assessments and reporting for senior leadership across the security risk register
- Work across security teams and the business driving common approaches to risk analysis and risk rating
- Identify and mitigate high-priority risks, reducing risk exposure to the organization
- Develop and provide training and communications to stakeholders on risk and control processes
Requirements
- Bachelor's Degree in Computer Science, Information Security, or a related field is required
- 5-10 years of experience in a security-related role, with experience in issue and exception management, risk assessment, and compliance
- Strong technical knowledge and understanding of security concepts, including risk management and compliance
- Relevant certifications such as CISSP, CISM, or CRISC are preferred
- Practical experience with requirements and controls from regulatory requirements such as SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, PCI-DSS and frameworks such as NIST Risk 800-34, NIST 800-53
- Understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures
- Proven track record of successfully collaborating with cross-functional teams
- Ability to build rapport and maintain relationships across functions, external vendors, and governmental teams
- Ability to think strategically about risks and tie those risks to tactical organizational activities
- Leadership skills to lead issue analysis and security risk assessments
- Strong analytical and problem-solving skills
- Excellent communication and collaboration skills
- Program and project management experience in scoping, work breakdown, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality
- Periodic background and fingerprint check(s) consistent with government customer requirements may be required