security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identified gaps. Maintain Security Documentation … Ensure all system documentation is up to date. POAMs: Manage and maintain Plans of Action and Milestones by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be … II. Preferred Qualifications: Experience shaping policies and programs for DoD information security initiatives. Knowledge of NIST guidance (SP 800-37, 800-53, 800-161) and JSIG guidance. Hands-on risk assessment experience that incorporates system/mission requirements and operation constraints. Splunk experience to enhance your threat detection capabilities. Other Requirements: Must have an active Secret clearance with the
policies, standards, and procedures, and ensuring compliance with regulations like GDPR, HIPAA, and PCI-DSS. Incident Response: Planning and executing incident response strategies, including detection, containment, eradication, and recovery. Risk Management: Identifying, assessing, and mitigating security risks through risk analysis and management frameworks. Security Architecture Design: Creating and maintaining security architecture frameworks and models, such as SABSA
LEAD IT RISK & CONTROL WHAT IS THE OPPORTUNITY? "The Lead IT Risk Controls Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of security assessment by the Lead ITRC Security Analyst include third party security and overall … This requires routinely authoring detailed reports and gathering metrics to ensure stakeholders receive accurate and complete information. The Lead ITRC keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's … overall risk appetite. The Lead ITRC serves as an expert area of specialization. This role is a working lead that provides functional guidance and may coordinate or supervise the daily activities of individual contributors or working teams in areas of specialization. Provides input on resources planning, procedures," WHAT WILL YOU DO? "Define analysis objectives, collect data from internal and
support the continued development of a robust security programme across cloud-based IT services and managed environments (particularly Microsoft 365 and Azure). This role spans security operations, governance, risk, and assurance, and will suit someone with a blend of hands-on technical skills and strategic thinking. What You'll Be Doing: Support and improve day-to-day security … operations, incident response, and vulnerability management. Lead on security investigations and ensure remediation is aligned with industry best practices. Conduct risk assessments and provide security consultancy for technical projects and service design. Help maintain ISMS policies and ensure regulatory compliance (e.g. PCI-DSS, GDPR, FCA). Play a key role in cloud security strategy across Azure/M365 and … in a security-focused role with exposure to frameworks like PCI, ISO27001, or FCA compliance. Deep understanding of Microsoft cloud environments and hands-on experience with technical controls. Excellent risk analysis, stakeholder engagement, and documentation skills. Relevant qualifications such as CISSP, CompTIA Security+, AZ-500, or MS-500 are highly desirable. Seniority level: Mid-Senior level
Role overview: Working for a security vendor, the Security team are accountable for the company's Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities. You'll work closely with development and operational teams to design, implement/recommend application security controls. This is a new role for the company requiring a … will have a background in software development. Main tasks and responsibilities: Assess and identify gaps in current application security controls and provide guidance to resolve and remediate based on risk to the business Working with the DevOps teams, establish and design processes to improve the secure development of products and services during the SDLC Provide guidance and support during … with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation
and with little supervision. • Excellent interpersonal skills, sound judgment, and organizational/administrative skills. • Ability to communicate and interact with diverse technical and non-technical groups. DESIRED SKILLS: • Malware analysis or digital computer forensics experience is a plus. • Cyber related Law Enforcement or Counterintelligence experience. • Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats. • Understanding of risk … technology from device turn on to power off, network functions (SMS, MMS, Voice, Data) and cellular system functions. • Understanding of wireless and RF technology. • Understanding and experience in conducting risk analysis, risk management, infosec, system testing and client structures. TECHNOLOGIES USED: Operating Systems: • Microsoft Windows (7 - 10, Server) • UNIX (Solaris, HP-UX, etc.) Operating System versions • Common
The European Bank for Reconstruction and Development
will ensure that the Bank maintains high standards of security, privacy, and compliance, contributing to our mission of promoting sustainable development across our regions of operation. About the Department Operational Risk Management (ORM) is part of the Bank’s Risk Management group and forms the second line of defence. ORM is responsible for independently identifying, assessing, and supporting … data subject requests and support the Personal Data Review Panel on personal data-related complaints. Advise on IT and business projects with respect to InfoSec and privacy risks. Maintain risk registers, provide ongoing risk analysis, and contribute to risk mitigation plans. Support completion and review of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs … . Manage BAU activities, including: Social engineering exercises. Supplier assurance assessments. Risk assessments for business processes and technologies. Research emerging threats and evaluate applicability to the Bank’s operations. Monitor changes in regulations and best practices, document and propose updates, agree on changes with the Head of Information Security, and implement project plans. Work extensively with IT, particularly the
of an organization to identify needs and use cases, develop a set of requirements, design a solution, and implement that solution, all using Splunk. • Conduct thorough threat assessments and risk analysis to identify potential vulnerabilities and security gaps. • Assist with Getting Data In (GDI) in the context of an implementation • Design and execute proactive threat hunting strategies to … attack vectors and methodologies. • Strong analytical and problem-solving skills, with the ability to analyze large datasets and identify actionable insights. • Experience with additional security tools a plus including, risk tools, BAS/CART, EDR, Kali, IDS/IPS, Firewall, MFA. 5. Experience with both Linux and Windows, including the Linux command line and tools such as vi. 6. … effectively, across levels of an organization. 8. A self-starter who can remain motivated when working individually. 9. 2-5 years of consulting experience. 10. Familiarity with GRC (governance, risk & compliance) experience a plus - NIST, FISMA, HIPAA, etc.
compliance with Department of Defense (DoD) security policies. Key Responsibilities: Monitor and analyze system security logs and alerts to identify suspicious activities and potential threats. Support vulnerability assessments and risk analysis activities. Implement security controls in accordance with DoD cybersecurity regulations and RMF (Risk Management Framework). Assist with security incident response, containment, investigation, and remediation efforts.
development of high level security compliant architecture and contribution to the design of the preliminary and detailed designs of the solution: it includes the study of alternatives and a risk assessment Consult on potential security components architectures (e.g. SIEM, IAM, gateways, detection and deception capabilities) Evaluate architectures against Business Line policy and major cyber security standards & regulation frameworks (NIST … You are proficient with Infrastructure Security Design, Security Supervision Design, and Information Systems Security (ISS) You can advise and give support to the rest of the team Familiar with Risk Analysis, Network Security, Cryptography, Identity & Access Management (software/hardware development, the NIST Cybersecurity Framework, cloud technologies) Able to monitor and measure risk as well as compliance … You have the ability to work with customers and technical teams NICE TO HAVE: Domain knowledge - Defence, Nuclear, Government, Aerospace, CNI, Transport Risk Management and Accreditation YOUR CAREER AT THALES Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas: Room and attention to personal
Crawley, England, United Kingdom Hybrid / WFH Options
Thales
with customers to define and implement Cyber Security Operations capabilities within their organisations. Assists customers in the routine application and interpretation of SOC security legislation, standards, policies and practices. Risk Assessment and Vulnerability Analysis: Perform thorough assessments of clients’ SOC systems, identifying security gaps, and vulnerabilities. Conduct risk analyses to determine potential impacts on operations and prioritize … Understanding of SOC/SIEM configurations and possesses the ability to test, diagnose, configure and maintain SOC systems. Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls. Selection of appropriate security components to provide … department policies. Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security monitoring and detection. Ability to plan, control, report and manage the risk for a defined package of work to ensure delivery of on-time, budget and quality products. This role will require SC Clearance. It would be advantageous if currently held
Top Secret). The ISSO will be responsible for developing, maintaining, and enforcing security policies, implementing cybersecurity controls, managing Authority to Operate (ATO) documentation, and conducting continuous monitoring and risk assessments in compliance with FISMA, NIST, DOJ, and other federal mandates. What Your Day-To-Day Looks Like (Position Responsibilities): Serve as the principal cybersecurity advisor to system owners … re-architecting and/or re-design activities. Develop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability. Perform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environments. Follow all appropriate security authorization process for requesting and maintaining an Authority to
Key Responsibilities: Implement and manage security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEMs, and endpoint protection Conduct threat and vulnerability assessments, penetration testing, and risk analysis activities Design and deploy security controls that align with enterprise architecture and regulatory requirements Support secure configuration and hardening of systems, applications, and infrastructure Monitor and respond
Ensure security is prioritised through automation tools, security testing, and vulnerability scanning as part of the continuous delivery process. Security Assessments & Incident Response: Conduct security assessments, vulnerability scans and risk analyses to identify and address potential security weaknesses within cloud environments. Support the security operations team in incident response efforts related to cloud security incidents, ensuring timely detection, containment
Join to apply for the Technology Risk & Controls Manager role at JPMorganChase Organization Description Our dedicated team in Cyber and Technology Controls plays a crucial role in safeguarding our organization's data assets. We focus on managing data protection, data … employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation. Job Description As a Technology Risk and Controls Lead in our Corporate and Investment Banking division, you will play a crucial role in identifying and managing data-related risks whilst ensuring alignment to our strategic … objectives. You will utilize your expertise in risk management, data protection, and data management to effectively communicate complex technical information to senior management and support global stakeholders in understanding and executing their data related risk and controls obligations. Your ability to influence and collaborate across all organizational levels will be essential in driving our data risk management
activities. Duties may include: Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures Perform analysis of network security, based upon the Risk Management Framework (RMF) with emphasis on Joint Special Access Program Implementation Guide (JSIG) authorization process Provides expert support, research and analysis … and implementation of trusted relations among external systems and architectures. Assesses and mitigates system security threats/risks throughout the program life cycle Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations Thinks independently and demonstrates exceptional written and oral communications skills. Applies advanced technical principles, theories … SSE IPT reviews Provides expert level consultation and technical services on all aspects of Information Security Review ISSE related designs and provides security compliance recommendations Develop and provide IA risk management recommendations to the customer Provide ISSE support for Mission and Training systems design and development Assist with development and maintenance of the Program Protection Plan Assist with site
activities. Performance shall include: Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures Perform analysis of network security, based upon the Risk Management Framework (RMF) with emphasis on Joint Special Access Program Implementation Guide (JSIG) authorization process Provides expert support, research and analysis … and implementation of trusted relations among external systems and architectures. Assesses and mitigates system security threats/risks throughout the program life cycle Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. Thinks independently and demonstrates exceptional written and oral communications skills. Applies advanced technical principles, theories … SSE IPT reviews. Provides expert level consultation and technical services on all aspects of Information Security Review ISSE related designs and provides security compliance recommendations. Develop and provide IA risk management recommendations to the customer. Provide ISSE support for Mission and Training systems design and development. Assist with development and maintenance of the Program Protection Plan. Assist with site
computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements definitions and analysis and establishes system security designs. Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include … and implementation of trusted relations among external systems and architectures. Assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its … to: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security
security vulnerabilities and threats through automation and proactive monitoring. Define and enforce security policies and best practices for cloud usage across the organization. Conduct regular security assessments, audits, and risk analysis on cloud-based systems. Collaborate with DevOps to integrate security into CI/CD pipelines (DevSecOps). Manage identity and access controls (IAM) to enforce least privilege … principles. Respond to security incidents and lead root cause analysis for cloud-related security breaches. Stay current with the latest cloud security trends, threats, and technologies. Required Qualifications Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 3+ years of experience in cybersecurity with at least 2 years focused on cloud security. Hands-on
Risk Management Framework (RMF), NMAP, PKI, Wireshark, auditing, penetration testing, scripting, IASAE, CISSP, ISSEP, NISCAP Due to federal contract requirements, United States citizenship and an active TS/SCI security clearance and polygraph are required for the position. Required: Must be a US Citizen Must have TS/SCI clearance w/active polygraph Bachelor's degree in Computer … Five (05) years of experience with Defense in Depth Principles/technology including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture and applying risk assessment methodology to system development. Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience. Must have experience applying Risk Management Framework. … Certification. Computer Information Systems Security Professional CISSP Certification. Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response. Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass the development, design, and
applications and dashboards. • Develop Security Test Procedure (STP), conducts self-assessments to verify compliance with required configuration guidance and support A&A testing and validation of security designs. • Conducting risk analysis reviewing ACAS, CVEs, plugins, CWEs, research, collaborate with System Administrators to mitigate identified vulnerabilities and/or author Plans of Actions and Milestones (PO&AM) as needed. … reporting to appropriate IC and DoD authorities (i.e., USCYBERCOM, IC-SCC) • Support security authorization activities in compliance with the customer Information System Certification and Accreditation Process following the NIST Risk Management Framework (RMF), CNSSI No 1243 and other prescribed business processes for security engineering. • Assist architects and systems developers in the identification and implementation of appropriate information security functionality … to: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security
and requirements, such as: Working with AWS Cloud Infrastructure team to secure our cloud infrastructure Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support
ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and Risk Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on
performance strategy and ensuring best practices Participate actively in functional, system and regression testing activities Capture quality assurance data and metrics to provide insights and conclusions Estimate and perform risk analysis for quality delivery Should contribute in programming using Python/C#/Java or Tosca Design and develop the automated tests using automation tools using Pyraft/