IT Risk analyst - Unix, Security, governance, controls
Reston Reston, Virginia 20190
Kavaliro seeks a Unix Security consultant with infrastructure, controls, risk for a contract position with our direct client in Reston VA. The risk and controls analyst is responsible for leveraging expert level knowledge of the business, complex processes, and regulations in support of the effective implementation of the organization' s governance, risk, and compliance programs. May recommend or implement procedures or business processes that are compliant with legal and regulatory directives and corporate mandates.
KEY JOB FUNCTIONS
- Develops and manages the implementation of operational and governance requirement for key control activities to ensure compliance with regulatory, legal, corporate, and business unit policies and procedures.
- Develops procedures and business processes that meet corporate standards and instruct business personnel in their use. Track compliance, evaluate results, and present best practice solutions to any issues that are identified.
- Evaluates new policies and procedures for operational and control impacts and governance, risk and compliance standards. May develop risk and operational reporting.
- Bachelor' s Degree or equivalent required
- 4+ years of related experience with infrastructure, information security and vendor management
SPECIALIZED KNOWLEDGE & SKILLS
- In depth experience with Infrastructure and technology platforms like Linux and Unix administration Or Unix Security experience.
- Experience in executing technology risk assessments and demonstrating strong knowledge and industry best practices/frameworks (COBIT 5, ISO 27002, NIST, CSF etc.) relating to IT processes and controls such as technical resiliency/business continuity, capacity management, asset and inventory management, incident/problem management, configuration/change management, as well as technology platforms and controls (UNIX, Oracle, Windows, network devices, tools, LDAP/AD, DBMS, and cloud related infrastructure services such as AWS etc.).
- Demonstrated work experience in the use of security principles; risk assessment policies and standards; information security best practices, products and technologies; and network technologies
- Experience in executing control design assessments, identifying key risks, controls and gaps, and process efficiencies while delivering comprehensive documentation of the process and controls in narrative form, supporting flow diagram, and mapping of risks and controls.
- Experience in assessing effectiveness of key controls through varied approaches including inspection and analytics.
- Ability to apply critical thinking and analytical skills to help management manage risk and solve problems (e.g., analyzing root cause of issues, impact to technology and required corrective actions) and assist Internal Controls Tech Managers / Directors in redesigning business processes and/or developing solutions for business partners.
- Experience and proven success in project management and executing multiple concurrent assignments.
- 2+ years of prior experience in related risk and control disciplines (e.g., Risk Management, Internal/External Audit, etc.). Big 4 assurance or advisory experience is a plus.
- Solid foundation and knowledge/experience in areas of Information Technology and/or Risk Management. CISA, CISM, CISSP certification, or other technical certifications (MCSE, GIAC/GSEC/GCUX, Security+, etc) desirable.
- Mortgage Banking and/or previous experience is a plus.
Strong experience in MS Word, Excel, PowerPoint, Access, and Project. Experience with collaboration tools such as MS SharePoint and GRC systems such as BWise or MetricStream desired but not mandatory.