<p>Our IT Security team is looking for a Senior Information Security Risk Analyst to join our team in Worcester, MA, Windsor, CT or remote work location.</p> <p>This is a full time, exempt role.</p> <p>POSITION SUMMARY:</p> <p>The Senior Information Security Risk Analyst will lead the development and management of information security policies, standards and guidelines.</p> <p>This role is also responsible for working directly with our business partners to evaluate the business risk environment, assessing key control appropriateness and effectiveness, determining information security risk, and providing direction on the development of appropriate security measures to mitigate risk exposure.</p> <p>In addition, the senior analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting and ensure all cyber and data security requirements are in place.</p> <p>IN THIS ROLE, YOU WILL:</p> <ul> <li>Develop, implement and maintain a policy management lifecycle process, including develop, implement and communicate security policies, procedures, standards, best practices, guidance and controls. </li><li>Continuously assess existing policies for relevancy and accuracy and work with business partners to identify and manage risks associated with policy violations and exceptions </li><li>Contribute to management's monthly reporting by analyzing and reporting on IT security controls and risk exposure. </li><li>Responsible for ensuring that all applicable regulatory requirements are addressed, and security controls are managed and maintained. </li><li>Perform information security risk evaluations on reported IT issues and communicate impact of risk to parties involved. </li><li>Participate in IT initiatives, as necessary, to ensure security control measures are addressed and imbedded in business-as-usual activities prior to project completion. </li><li>Experience working with various information security frameworks and standards, cybersecurity regulations and industry compliance requirements. </li><li>Understand the security risk landscape and proactively identify the need for changes to existing controls to meet and exceed industry standards. </li><li>Responsible for building and operating our security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting </li><li>Advise and collaborate with SMEs, including Audit & Compliance, teams to ensure design and testing of security controls are aligned with leading best practices and executed effectively to manage risk </li><li>Develop and maintain (Key Performance Indicators - KPIs) and risk (Key Risk Indicators - KRIs) metrics for use and reporting by business areas. </li></ul> <p>WHAT YOU NEED TO APPLY:</p> <ul> <li>A Bachelor's degree in Computer Science or technology/information security-related field. </li><li>Five to seven (5-7) years' direct experience in an information security role where risk-based methodology is used. </li><li>Expert knowledge of information security systems and procedures, strong analytical and problem-solving skills, excellent communication skills, expertise in computer networks. </li><li>Familiarity with FAIR methodology </li><li>Certified Information Systems Security Professional (CISSP) is a plus. </li><li>Certified in Risk and Information Systems Controls (CRISC) or equivalent. </li><li>Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g. NIST) </li><li>Strong understanding of policy, compliance, and best practice security principles. </li><li>Able to work independently with minimal guidance and act as coach to other team members as necessary. </li><li>Experience leading through influence </li><li>Communication experience, interpersonal experience, and experience working cross-functionally with various teams </li></ul>