McAfee is currently seeking an Information Security Analyst to join its growing Information Security team. The Information Security Analyst will monitor formal risk analysis and self-assessment activities for key systems and processes, including driving risk remediation activities, coordinating customer and third party audits, and coordinating responses to RFPs on IT security, controls and compliance areas using GRC Tools as part of the Information Security GRC Team. This is a full-time opportunity in the Plano, TX area.
- Lead or contribute to security risk assessments which determine threats, consequences, and vulnerabilities to business unit key assets, products, and services.
- Participate in the planning and direction of security risk assessments to examine and verify security capabilities, behaviors, and controls for authentication, authorization, integrity, availability, assurance, audit, and disposal of Intel's information assets to determine exposure and compliance levels.
- Perform focused risk assessments of existing or new services, technologies and business processes.
- Communicate risk assessment findings to Information Security, IT and key business partners.
- Identify and implement appropriate controls to effectively manage information risks as needed.
- Identify opportunities to improve risk posture, developing solutions for remediation or mitigation of risks and assessing the residual risk.
- Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
- Facilitate the implementation of manual GRC processes in the GRC Tool.
- Three (3) to five (5) years of risk assessment, internal controls, security audit, information security, and/or technology process experience using GRC Tools.
- CISSP, CRISC or CISA certification preferred. Experience with compliance and/or control frameworks preferred.
- Experience with ISO 27001, PCI and Sarbanes-Oxley compliance preferred.
- Experience with Vendor/Third Party Risk Assessment preferred.
- Experience with Governance, Risk & Compliance (GRC) Tools (e.g. Service Now, Archer) and managing risk assessments in GRC systems preferred.
- Experience administering GRC plugins - policy, compliance, risk management and third party management preferred.
- Experience implementing new applications and plugins within the GRC Tool platform preferred.
- Experience in design, build, and implementation of workflows, assessments, integrations & reports/dashboards preferred.
Knowledge, Skills and Abilities:
- Knowledge of NIST Risk Management Framework, ISO, PCI, COBIT, COSO, Sarbanes Oxley legislation and impact, and other regulations.
- Demonstrated ability to apply analytical skills in dealing with issues that are not readily defined or that conflict with available information.
- Solid understanding of industry best practices and standards for risk assessments, security audits, and third party vendor assessments.
- Excellent verbal and written communication skills.
- Good understanding of business process controls.
- Attention to detail and ability to implement.
- Excellent problem-solving, planning, time management, and follow through skills.
- Independent/self-starter with a willingness to learn.
- Ability to document processes, roles, key decisions, and other work session outputs.
- Ability to prioritize and organize work assignments for multiple work groups.
Education and Experience:
Bachelor's degree in Computer or Management Information Systems, Computer Engineering, Accounting, Finance, or other related field or three (3) to five (5) years of equivalent relevant work experience.