Senior Information Security Risk Analyst in Philadelphia, PA at Radian Group Inc

Date Posted: 11/9/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Job Type:
  • Experience:
    Not Specified

Job Description

As a member of the Information Security Risk Assessment Program (under the direction of the AVP, Information Security Risk) your essential functions will involve risk identification, risk measurement, risk mitigation, risk monitoring and risk reporting.

Your key responsibilities will include:

  • Conducting risk analysis and assessments using internal tools and third-party vendor partners, and assessing applicable threats and their probability and potential impact to confidential information and/or business operations.
  • Reviewing third-party attestation, security rating and audit reports, and working with the Business and Procurement Teams to ensure results are clearly articulated and, if needed, recommending remediation options commensurate with risk.
  • Transposing risk assessment results into understandable terms for senior leadership and assisting the business in making beneficial decisions for the Company.
  • Supporting the documentation and maintenance of the enterprise's information security risk assessment methodology based on industry-recognized IT risk assessment frameworks (e.g. NIST, FAIR).
  • Contributing to the ongoing development and maturity of the Information Security Risk Program by identifying opportunities for improvement including process and methodological enhancements, areas for automation/integration, and staff training. 

What you will do:

  • Implement information security risk management framework and supporting processes to identify, evaluate and report on information security risks in a manner that meets Radian’s regulatory, customer and other compliance requirements.          
  • Manage oversight and monitoring of risk mitigation and coordination of policy and controls with the Compliance and Assurance Team to ensure risk owners, initiative owners and other key partners are taking effective and timely remediation steps.          
  • Develop and drive control mapping to risks and associated security risk frameworks; track changes in threats, impacts and control effectiveness to inform updates over time.    
  • Build and maintain risk documentation including security risk register with assessment output.    
  • Research, design and implement tools and measures to automate risk management and risk reporting tasks where feasible. Manage process effectiveness, measurement and optimization.      
  • Prepare reports and presentations on the state of information security risks and the information security risk program on a regular basis and when ad-hoc requests arise.          
  • Other duties as assigned.


Who we are looking for:

Knowledge:

  • Demonstrated knowledge and understanding of information technology, systems and architecture.
  • Expertise in technology and information risk assessments and identifying technology and internal controls necessary to mitigate risk.
  • Knowledge of technical security standards such as NIST and ISO.
  • Knowledge of and experience with the FAIR methodology a plus.
  • 3+ years of relevant work experience in IT risk management, Information Security, Internal Audit, Information Technology, Risk Management, Compliance or other relevant field.


Skills and Abilities:

  • Ability to conduct risk identification, risk assessments, threat modelling, risk treatment measures including risk acceptance, governance including measuring/monitoring/reporting, risk aggregation, control assessments & controls testing, etc.
  • Ability to articulate risks and communicate effectively to various levels of management.
  • Ability to create and implement program structure and process and to help automate tasks wherever feasible.
  • Ability to support the Legal Team when issues arise in contract negotiations relating to a vendor's security practices a plus.


Other Position Parameters:

  • Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.
  • Excellent analytical and process development skills.


Prior Work Experience:

  • 5 - 8 years of relevant work experience. 


Education and Credentials:

  • Required: Bachelor’s Degree in Information Security, Security Assurance, or related discipline.
  • Preferred: Master's Degree in Information Security, Security Assurance, or related discipline.

  
Credentials:

  • CISSP, CRISC, CISA, CISM or equivalent.
  • Project Management and/or Lean certifications.

Location:

  • 1500 Market Street, Philadelphia, PA 19102

EEO Statement

Radian complies with all applicable federal, state, and local laws prohibiting discrimination in employment.  All qualified applicants will receive consideration for employment without regard to gender, age, race, color, religious creed, marital status, sexual orientation, national origin, ethnicity, ancestry, citizenship, genetic information, disability, protected veteran status or any other characteristic protected by applicable federal, state, or local law.

If you are a person with a disability and need assistance in the application process please send an e-mail message to recruitment@radian.biz.