Senior IT Security Risk Analyst

Job Description Summary

The Senior IT Security Risk Analyst liaises with leaders within Technology and adjacent business units to manage technology issues and related action plans, serving as the primary point of contact between Information Security, Technology and the Business. This role assists in enabling business strategies, while balancing the security risk and ensuring security is aligned with business strategies. Interacts with all levels of leadership in the firm to accelerate solutions through better communication and alignment. The key to success is the ability to influence senior business leaders about the need to embrace security initiatives and remediate technology control gaps.

Job Description

Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future.

This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month.

Knowledge of:

• Information Security programs including, but not limited to, IT controls, IT control assurance, audit coordination, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management. 

• Advanced knowledge of infrastructure and logical security technology with experience working with IT Control frameworks like CIS Security controls and NIST Cybersecurity Framework or other industry frameworks such as ITIL, ISO 17799 and/or CoBit processes and procedures. 

• Translating business drivers and priorities into security design. 

• Government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.). 

Essential Duties and Responsibilities:

• Articulates the security perspective to technology leaders or the business and helps them understand the potential impact and possible controls. 

• Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance. 

• Represents the Technology Risk and Assurance team in proposing or development of policies and standards, especially where relevant to issue remediation.  

• Oversee and act as primary point of contact for IT internal audits,  

• Collaborate with internal and external IT audit teams for scoping, deliverable request management, IT control mapping, and clear issue documentation.  

• Partner with senior IT leadership to perform validation of identified issues, ensure action plans are complete and effective, and track issue remediation or risk acceptance through issue closure to ensure timely risk treatment.  

• Assist with IT control assurance to ensure IT control owners understand their responsibilities as to risk management, control effectiveness, and control gap remediation as well as compliance to IT security policies and standards.  

• Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation. 

• Investigates security incidents, control failures, and policy exceptions and works with Information Security teams to recommend/implement appropriate corrective actions. 

• Understands, tests and implements security plans, products, strategies and control techniques. 

• May lead or participate in security related projects and strategy. 

• Performs other duties and responsibilities as assigned. 

Ability to:

• Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.

• Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message. 

• Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences. 

• Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise. 

• Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships. 

Skill in:

• Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem). 

Highly Preferred Licenses/Certifications:

• Security+, CISSP, CISM, CISA, or CRISC

Education

Bachelor’s: Computer and Information Science, High School (HS) (Required)

Work Experience

General Experience - 6 to 10 years

Certifications

Travel

Less than 25%

Workstyle

Hybrid

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view. We expect our associates at all levels to:

 Grow professionally and inspire others to do the sameWork with and through others to achieve desired outcomes

 Make prompt, pragmatic choices and act with the client in mindTake ownership and hold themselves and others accountable for delivering results that matter

 Contribute to the continuous evolution of the firm

At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates.  

When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs. #LI-TC1