Cloud Security Senior Risk Analyst
Job Description:
As a Cloud Security Risk Analyst, you will be part of a larger IT Risk team where your work will focus primarily on assessing security risk in cloud implementations along with providing compliance monitoring and validation of Arrow’s internal and external cloud solutions in order to protect against threats. You will be actively assessing and monitoring risks related to Arrow’s customer cloud EA agreements, external cloud subscriptions/tenants and internal cloud offerings. You will provide guidance on Cloud Security Compliance Standards and assess the security posture of various cloud offerings against internally published Arrow Cloud and Security standards and industry best practices for cloud computing.
Responsibilities:
- Stay abreast of current advances in all areas of cloud security technologies to understand how vulnerabilities, security breaches, malicious attacks, emerging compliance regulations and framework updates affect Arrow’s Cloud Computing posture and which mitigation actions to take.
- Perform risk assessments of Arrow’s cloud offerings, both internal and external against Arrow’s Risk and Controls Framework (catalog), policies, standards and industry best practices to ensure accurate and defensible risk decisions.
- Performs deep-dive controls testing for high risk cloud areas for independent validation of issues and remediation efforts as needed.
- Discover, analyze, rank, document and publish discovered risks and manage the issuance of risk documents to ensure various technology teams perform remedial actions.
- Maintain and regularly update Arrow’s Risk and Controls Framework based on new information learned from cloud assessments etc.
- Maintain and regularly update Arrow’s Global IT Risk Register to ensure all cloud vulnerability findings are recorded, easily accessible and tracked to either remediation or acceptance.
- Ensure informed decision-making is performed related to new cloud engagements, upgrades and introduction of controls and new cloud capabilities.
- Regularly create work product such as documents, charts and/or PowerPoint presentations to illustrate cloud risk findings to IT and business units.
- Identify vulnerabilities or weaknesses in systems.
- Document and publish risk findings with Arrow’s Security Architecture Team and relevant business leads.
- Ensure that cloud security controls are adequate and operational to protect Arrow’s sensitive information.
- Clearly document and define cloud risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk.
- Provide mitigation/ damage reduction proposals with cost justification all the way to risk acceptance if necessary.
Required Skills:
- Strong knowledge of cloud offerings, security capabilities, methods to secure and conducting security risk assessments against cloud services.
- Ability to communicate effectively at a technical and a management level.
- Strong emotional intelligence and cultured personality characteristics; ability to work with a variety of domestic and international technical teams.
- B.S. degree or equivalent work experience in risk management, business management, information systems or other relevant field.
- 4-7+ years of combined risk management, risk consulting, and information security work experience with a heavy focus on cloud computing systems.
- CSA CCSK (Certificate of Cloud Security Knowledge) or Certified Information Systems Security Professional (CISSP), highly preferred.
- Functional knowledge of risk management approaches and processes required, including proven implementation experience in the areas of conducting risk assessments and familiarity with IT risk industry wide frameworks and assessment methodologies.
What’s In It For You:
At Arrow, we recognize that financial rewards and great benefits are important aspects of an ideal job. That’s why we offer competitive financial compensation, including various compensation plans, and a solid benefits package.
- Medical, Dental, Vision Insurance
- 401k, With Matching Contributions
- Paid Time Off
- Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options
- Growth Opportunities
- Short-Term/Long-Term Disability Insurance
- Discounted RTD Passes, with convenient office location off RTD Light Rail (Dry Creek Exit)
- On-site Café with Catering Option for Busy Lifestyles
- 24/7/365 On-site Gym and Lockers, Free for Use to All Employees!
- Bike Racks
- And more!