Third Party Security Risk Analyst
Current• Create and update the following documentation: Risk Assessment Report, E-Authentication, Security Assessment Plan (SAP), System Security Plan (SSP), Plan of Action & Milestone (POA&M) etc.• Facilitate the Information Risk Management process including the reporting/oversight of treatment efforts to remediate negative findings.• Develop and publish Security Policies and Standards; provide consulting to technical resources on security mitigation of identified security gaps/risks and compliance to Global Security Policies.• Define the Vulnerability Management process including the identification of vulnerabilities, provide consulting to business/technical resources to remediate vulnerabilities, and align vulnerability remediation processes with existing Infrastructure programs.• Review policies, procedures, standards, and guidelines per applicable regulations including ISO 27001, PCI-DSS, HIPAA, HITRUST.• Ensure compliance of Information Technology Security Policies and utilize vulnerability tools• Develop and enhance an information security framework based on NIST Cybersecurity Framework (CSF) and International Organization for Standardization (ISO 27001)