Job #: 2485
Title: Security Risk Analyst – St. Louis, MO
• Processing all new Idea and project requests that are brought to SRM’s attention to action for technical review.
• Creating risk assessments, associating security requirements to inherent risk characteristics, and communicating security requirements to project teams.
• Handing both general and technical security inquiries into Security Risk Management leveraging email, Slack, and other data feeds from external systems.
• Receive project requests from various systems and review inherent risk characteristics
• Identify the security assessment needed based on inherent risk characteristics
• Determine based on inherent risk and project understanding what security teams will need to be potentially engaged
• Establish and coordinate risk assessment discovery and kickoff meetings to better understand the aspects of the project and the potential risk they pose to the firm
• Coordinate architects and engineers that need to be involved in a project and communicate to Product/Project teams who in SRM will be involved
• Coordinate security requirements from an application, cloud, and infrastructure engineering teams standpoint based on new standards, best practices, threats, and regulatory requirements, ratify security requirements with security engineers and architects
• Maintain security requirements baseline and update accordingly in SharePoint System.
• Communicate security requirements to the project team that need to be met based on the inherent risk characteristics
• Validate that all necessary security groups are involved and that security requirements have been provided to the project/product teams
• Maintain an accurate inventory of all projects/product risk assessments that SRM is currently working on.
• Work with SRM Engineering team to obtain a clear status of the risk assessment from each engineering team
• Provide weekly status reports to SRM management of active projects that SRM is working on within Technology and Business Lines
• Provide updates to the project teams Product Owners about the status of the security review (architecture or engineering)
• Provide reports to SRM senior management on a regular basis regarding the health and performance of program
• 4 Year College Degree in Information Systems or Equivalent Experience
• Excellent Writing and Verbal Communication skills key, project management and organizational skills needed, agile, process management and plus
• Experience with Information Security frameworks and standards (i.e. CIS, NIST, ITIL)
• Strong working knowledge of NIST 800-53 r4 and r5
• Resourceful, creative, innovative, results driven, and adaptable
• Ability to perform in a fast-paced multidisciplinary environment
• Experience with project management or managing a workflow
• Military education or experience may be considered in lieu of civilian requirements listed