Job#: 2036084Job Description:Apex has an immediate need for a Sr. Risk Analyst. This position involves assessing IT systems risk and control. Responsibilities include collaborating on risk management programs, aligning technology risk activities, and contributing to risk reduction efforts related to technology use.Ideal candidates will have the following:5-10years experience as Risk AnalystExperience with Security Controls frameworksCobiT, ISO 27001, NIST, NIST CSF, PCI DSS, RMF, etc.Knowledge of privacy regulationsGDPR, CPRA, NIS, NIS2, CPA, etc.Strong preference for direct experience with OneTrust. Must have experience with a Governance-Risk-Compliance (GRC) software suite.Ability to demonstrate a strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX)CISSP, CRISC, CISA, CASP, CYSA, ISA, or Security+ CECertificationFor immediate consideration, please email your resume to [email protected] and reference Job ID 2036084.Job Responsibilities:Participate in ongoing reviews of IT Risk Management Program.Contribute to strategic plans supporting program objectives and alignment of technology risk activities. Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.Assist in delivering Risk Management programs to mitigate technology-related risks.Contribute to program governance and processes for identifying, assessing, and responding to risks.Collaborate with other IT and corporate processes (M&A, Project Management, and 3rd Party/Vendor Management).Maintain risk assessment methodologies, processes, artifacts, and training.Lead or manage assessments and remediation efforts, tracking progress and reporting on security control gaps.Analyze risk/control information to formulate recommendations, metrics, and reports for management decision-making.Ability to analyze and aggregate risk across a complex organization and articulate risk clearly.Register IT risks, work with risk owners on risk treatment, and monitor risk treatment, response, and mitigation with risk owners. Weight business needs against security concerns and articulate issues and options to management.Present risk register and treatment plans to stakeholders on a regular basis.Enhance collection and maintenance of OneTrust risk register information.Work cross-functionally to improve workflow and collect required risk profile data.Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.Ensures of proper documentation of technology assessment results, and monitors remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.Support the Business Technology Disaster Recovery process.Support the resolution of Internal Audit, Compliance, Risk Management, Regulatory related issues that could impact the confidentiality, availability or integrity of data or processes.Requirements:Five to Ten (5-10) years direct experience in a Risk Analyst role is required.A bachelors or master's degree in computer science, Cyber-Security or in a technology/information security-related field is preferred and can substitute degree in lieu of some actual experience.Experience with Security Controls frameworks (e.g., CobiT, ISO 27001, NIST, NIST CSF, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g., GDPR, CPRA, NIS, NIS2, CPA, etc.).Experience with a Governance-Risk-Compliance (GRC) software suite (OneTrust, Archer, Xacta, ., etc.) is required; prefer direct experience with OneTrust.Must be able to demonstrate a strong understanding of Security Control Frameworks (ISO, NIST, HIPAA, PCI, SOX) This is required; prefer multiple framework experience vs single framework experience.Strong leadership, critical thinking and collaboration skills required.Attention to detail is a critical success factor for this role.Ability to influence peers, colleagues, and managers across business and divisional Lines to Take action on complex, technical or sensitive topics with companywide impact.Must be analytical and Possess Ability to interpret and apply policies and regulations across a large, complex business.Able to work effectively in an environment characterized by multi-tasking, fast-paced, lead by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills). Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff, across IT and business.Strong technical information security knowledge to assess various information security and risk management processes and tools.Any "one" certification in; CISSP, CRISC, CISA, CASP, CYSA, ISA, or Security+ CE is preferred.EEO EmployerApex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.VEVRAA Federal ContractorWe request Priority Protected Veteran & Disabled Referrals for all of our locations within the state.We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The EEO is the Law poster is available here.PDN-9c6ffb5b-3a12-447c-acd6-9650d6d81651