• Senior Information Security Analyst

    Location US-NC-Raleigh
    Posting date 4 days ago (12/3/2019 10:44 AM)
    Job ID 74856
    Category Information Technology
  • Company description

    At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

    Job summary

    The Red Hat Information Technology (IT) team is looking for a Senior Information Security Analyst to join us in Raleigh, NC. In this role, you will serve as part of Red Hat's Information Risk and Security team, which is responsible for ensuring confidentiality, integrity, and availability of Red Hat's systems, data, and networks. You'll need to maintain a current knowledge of security vulnerabilities to help you evaluate, recommend, and implement security controls to prevent unauthorized access to company information. You’ll need to have excellent communication skills, since you will consult with management and other areas of the business and advise them on their projects and on the impact that theft, destruction, alteration, or denial of access has on Red Hat's overall success.

    Primary job responsibilities

    • Develop, maintain, and refine risk management practices using established risk frameworks like NIST CSF, RMF, 800-53, or 800-171
    • Maintain a working knowledge of current information security threats and vulnerabilities
    • Stay informed on information security best practices and evaluate their applicability to the organization’s environment
    • Conduct assessments of the management, operational, and technical security controls employed by an IT system to determine the overall effectiveness of the controls according to industry standards like SOC 2 and ISO 27001
    • Evaluate organizational security policy, processes, and procedures for completeness
    • Develop and maintain a risk management strategy for the organization that includes a determination of inherent risk, residual risk, and risk tolerance
    • Facilitate an effective response to customer risk assessments using industry-standard methods, e.g., SIG, SIG Lite, VSAQ, or CIS Top 20, as well as custom requests for information (RFIs)
    • Develop and maintain a third-party risk management program
    • Determine the implications of privacy laws and regulations like GDPR and CCPA for customers and the organization
    • Effectively and qualitatively communicate information security risks and potential impacts
    • Work with system owners to take preventive or corrective actions based on risk analysis
    • Consult with various areas of the business as an information risk subject matter expert

    Required skills

    • 4+ years of experience working in an enterprise risk role with a solid information security focus
    • Deep enterprise experience with one or more risk management methodologies and frameworks
    • Demonstrated pragmatic, adaptable, and results-driven approach to information security risk management
    • Ability to work as part of a globally distributed team using multiple communication methods to facilitate collaboration, e.g., chat, voice, video, or email
    • Excellent written and verbal communication skills to convey information effectively and professionally to a wide variety of technical and non-technical audiences
    • Methodical, data-driven approach to security and risk analysis; ability to think laterally and imaginatively in order to implement security improvements
    • Recognized industry certifications like Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Security+ are a plus


    Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.


    Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

     
