• Senior Information Security Risk Analyst

    Job Locations US-MD-Bethesda
    Job ID
    2018-1640
    # of Openings
    1
    Category
    Risk Management
    Type
    Regular Full-Time
  • OVERVIEW

     

    CSS Logo_joint venture

     

     

     

    The Company

     

    Common Securitization Solutions (CSS) is seeking an experienced Senior IT Risk Analyst to join our team of talented professionals in Bethesda, Maryland.

     

    How many times in your career do you get the opportunity to do something that’s never been done? To create something that will change an entire industry? CSS is building the Common Securitization Platform to issue and manage mortgage securities. We’re looking for people who can walk in two worlds – a start-up environment where development is collaborative and rapid; and a production environment where we run and monitor the performance of the platform. Longer-term, this platform could serve the entire US housing finance industry. Sound transformative? It is. Come join us and help create something remarkable.

    RESPONSIBILITIES

     

    Job Information

     

    Enterprise Risk Management (ERM) is looking for a Senior IT Risk Analyst to help ERM manage and oversee technology based risks. The successful candidate would be responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments. This position works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to ERM, CSS Executive management and various stakeholders. 



    Key Job Functions

     

    • Demonstrate solid knowledge on technology processes within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks (i.e. COBIT 5)
    • Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively
    • Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response.
    • Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.
    • Assist with the development and validation of remediation plans for technology deficiencies by providing effective challenge.
    • Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues.

     

    QUALIFICATIONS

     

    Education   

     

    • Bachelor's Degree in Information Systems or related field or an equivalent combination of education and experience

     

    Minimum Experience  

     

    • Minimum 5 years of work related experience in technology
    • Minimum 3 years of experience performing risk management and analysis related activities
    • Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.

     

    Specialized Knowledge & Skills     

      

    • Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA).
    • Strong understanding of technology processes, risks and issues including infrastructure, information security, SDLC and Service Management (knowledge within cloud computing is preferred, specifically AWS.
    • Capable of identifying, evaluating and mitigating significant risks within an enterprise.
    • Basic knowledge of SOC2 attestation reports.
    • Strong working experience with Microsoft Office Suite and GRC tools.
    • Must have and maintain at least one of the following certification: CISSP, CISA, CRISC or equivalent designation.
    • Ability to document and explain risks and vulnerabilities to both business and technical stakeholders
    • Must have past experience performing vulnerability research and reporting.
    • Strong oral and written communication skills and ability to work well with others and in a collaborative, complex and fast paced environment.
    • Possesses strong analytical skills
    • Certification: CISSP, CISA, CRISC or equivalent designation
    • Active in the technology industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technology.
    • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals.

     

    Employment

    As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.   

         

    Common Securitization Solutions is an Equal Opportunity Employer.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Need help finding the right job?

    We can recommend jobs specifically for you! Click here to get started.