Security

Location : ,

Job Description

Requirements

Years of work experience: 3 year(s)

Job Title: Security Governance Risk Analyst

 

Scope:

  • 7-10 years of IT Audit experience (CISA certified preferred)
  • 3 years of IT Risk Management lifecycle experience
  • 3 years of hands-on technical experience (e.g. developer, system administrator)
  • Experience working with NIST 800-30 Risk Assessment Standard
  • Extensive experience with IT General Controls evaluation and design
  • Advanced skill level in business process mapping and documentation as well as policy and procedure development
  • Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
  • Solid understanding of PCI DSS standards

The management, assessment, and mitigation of risks are fundamental components of our information assurance and cyber security program at the Florida Turnpike Enterprise. This position leads the IT security risk and audit program for information systems security using generally accepted standards and frameworks for IT audit and risk management (e.g., NIST, ISO, PCI, and ISACA). The position is responsible for the development and implementation of the IT security risk and audit strategy to perform information systems and business process risk assessments and evaluate the effectiveness of technical, physical, and administrative controls to identify control weaknesses. This individual will interface with the Security Operations, IT Operations, and various business units to:

  • Perform PCI, SOC2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department’s security policies.
  • Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.
  • Maintain IT security risk and compliance matrix and perform management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies.
  • Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
  • Manage IT security vulnerabilities management program aligned with PCI and NIST standards.
  • Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.
  • For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.
  • Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.
  • Coordinating, tracking, and verifying remediation of audit findings.