Identity and Access Security Risk Analyst
Job Number: 25327
Employment Type: Full Time Associate
Position Title: Inform Security Risk Analyst
The Information Security Risk Analyst is a highly visible role that will work closely with a cross-functional group of business and IT risk stakeholders to deliver information security, IT risk management, and Identity and Access Management solutions and advisory services to stakeholders and Operating Companies located throughout Randstad USA. An ideal candidate for this role will be engaging, possess a strong balance between technical expertise and business acumen, and demonstrate a strong knowledge of Identity and Access Security principles and how to effectively apply those principles in a dynamic, constantly evolving global organization. The Information Security Risk Analyst will also be called upon to participate and provide input to help execute the agenda of the organization’s global Data Protection and Information Security (DP&IS) Community.
The Information Security Risk Analyst will exercise discretion and independent judgment with respect to matters of significance that are directly related to the management and operation of the business, including:
Identity and Access Management
- Act as the Enterprise Risk and Security team’s Identity and Access Management (IAM) liaison to the IT Support Services, HR and Financial application support teams, and other business and IT stakeholders to define, implement and mature IAM policies, processes, and procedures
- Engage with business and IT stakeholders and Project Managers to help define Segregation of Duties requirements and ensure the requirements are implemented and enforced
- Provide compliance guidance to business and IT functional stakeholders to ensure internal and external user access management and off-boarding practices comply with company policies
- Define policies, processes, and procedures to ensure adequate control and oversight is implemented and maintained over all privileged user account activities
- Engage with internal and external audit teams to participate in audit and assessment activities associated with Identity and Access Management practices and lead remediation planning efforts
- Act as IAM subject matter expert to ensure secure and consistent IAM practices are embedded and enforced in IT projects and systems integration initiatives
Risk and Compliance Management
- Execute the Information Security Risk Management life-cycle process to ensure appropriate Identity and Access Management risk mitigation decisions are made to address identified risks.
- Act as customer-facing liaison and information security subject matter expert to assist IT functional teams, internal project teams, business stakeholders, and external partners to understand user access management policies and control requirements and effectively implement and maintain appropriate risk mitigation safeguards.
- Assist with executing the Security Waiver and Exception Process to ensure all requests to deviate from acceptable information protection and IAM practices are properly vetted and authorized deviations are managed and tracked
- Assist the Business Continuity Coordinator with the planning and execution of Business Continuity, Disaster Recovery, and other contingency planning activities to help mature Randstad’s contingency planning capabilities
Third Party Risk Management
- Plan and execute the tasks necessary to ensure the services provided by key third party vendors, suppliers and business partners do not pose a risk to Randstad’s business operations, including, but not limited to the following:
  - Execute the Third Party Vendor Security Risk Assessment Process
  - Participate in vendor risk remediation discussions and ensure
  - Perform reviews of contract agreements, Statements of Work, and other service agreement documentation to ensure appropriate IAM and data protection control obligations are enforced
  - Conduct onsite security risk assessments at vendor sites
Policy and Awareness Management
- Develop and maintain the implementation life-cycle of security policies and supporting documentation (i.e. standards, guidelines, etc.). Assist with performing recurring policy reviews and contribute updated content to ensure control requirements and policy guidance remain current and applicable
- Assist with the continuous development, implementation, and ongoing maintenance of the security training and awareness education program. Help create and deliver security and data protection awareness training content to end users
- Assist with the planning and execution of the employee phishing defense training campaigns
Continuing Professional Development
- Expand core competencies by assisting other Enterprise Risk and Security (ERS) team members to execute other tasks related to information security, IT risk management, and data protection, as needed
- Perform occasional travel to other corporate offices (Ft. Lauderdale, FL and Woburn, MA) or field locations to promote employee security awareness and reinforce safe data protection practices
- Remain current on evolving trends and technologies in IT security risk management, Identity and Access Management, and data protection to reinforce and develop new core competencies
- Bachelor’s Degree
- Certified Information Systems Security Professional (CISSP) or other equivalent Information Security industry standard professional certification.
- 5 – 10 years of hands-on experience executing all phases of an Information Security Risk Management life-cycle, including industry standard security risk assessment methodologies.
- Demonstrated ability to analyze well defined and ambiguous business and IT functional requirements and identify potential risks and risk mitigation solutions.
- Proven ability to successfully execute the end-to-end life-cycle of IT and information security project initiatives, from inception through implementation.
- In-depth knowledge of techniques to apply a layered Defense-in-Depth approach to protecting information resources, including, but not limited to Risk and Compliance Management, Threat and Vulnerability Management, and Identity and Access Security.
- Proven expertise implementing all phases of the Security Policy Development Life-cycle and developing security awareness training content to help reinforce safe data protection practices.
- In-depth knowledge of the ISO 27002 International Controls Standard and different approaches to implement and enforce the controls framework.
- Demonstrated expertise administering a third party vendor security risk assessment process.
- A self-starter with proven ability to effectively multi-task and juggle contending priorities while continuing to meet deadlines.
- Collaborative oral and written communications skills.
Get to know us and find out "What More Could You Do" at Randstad.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
Location: Atlanta, Georgia US