Cast & Crew is hiring a
Information Security Risk Analyst

Summary

Join Cast & Crew as an Information Security Risk Analyst to assess all information risks and facilitate remediation of identified vulnerabilities for the Information Security Office and IT risk across the enterprise. This role requires 5+ years of experience in Information Security, excellent communication skills, relationship building abilities, planning and organizing skills, knowledge of various security tools, and specific skills such as using commercial and open-source risk management, GRC, and security tools.

Requirements

• Total experience of 5+ years in Information Security with experience in the following: Audits and risk management, Third-party security assessments, Documentation and creation of policies, procedures, and runbooks, Vulnerability remediation
• Excellent oral communication skills and is comfortable in group or small team settings
• Excellent written communication skills
• Ability to take highly technical material and present communicate it to a non-technical audience
• Builds excellent working relations with all IT colleagues and users, works effectively with department and executive management, and maintains a professional relationship with outside clients
• Exhibits mature organization and time management skills
• Excellent problem-solving skills
• Excellent documentation, communications, and interpersonal skills
• Effectively plans and organizes daily work following priorities set by the Security manager and help desk tickets when appropriate
• Demonstrates strong follow-up and follow-through skills in ensuring timely completion of projects
• Self-starter who actively takes responsibility to resolve technical problems but also knows when to ask questions to avoid major delays in delivery of work product

Responsibilities

• Participating in risk assessments and audits by collecting and analyzing documentation, statistics, evidence, and reports
• Developing and maintaining security documentation such as policies, standards, and procedures
• Establishing policies and procedures to identify and address risks in the organizations services and departments
• Information gathering and interviewing of internal resources to complete third-party security questionnaires
• Leading third-party vendor assessments utilizing risk-scoring tools
• Maintaining internal risk scores by managing vulnerability remediation
• Advising internal lines of business, IT partners, and 3rd parties on how to remediate technical security issues and verify remediation activities
• Reviewing and assessing risk management policies and protocols; making recommendations and implementing modifications and improvements
• Monitoring and reporting on internal control effectiveness
• Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance
• Reviewing and analyzing metrics and data such as vulnerability scan reports and cybersecurity risk scoring tools
• Drafting and presenting risk reports and proposals to executive leadership and senior staff

Preferred Qualifications

One or more of the following certifications is preferred: CISSP, CRISC, Vendor Certifications (e.g., AWS/Azure), GIAC/ GSEC, CISA

Benefits

Cast & Crew provides a comprehensive package of employee benefits including: Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more!