Sr. Cyber Risk Analyst

Tulsa, OK, United States

Overview

As we celebrate our Centennial year, we invite you to join us in shaping the next century of impact. Be a relentless force for a world of longer, healthier lives as we remain devoted to a future of health and hope for everyone, everywhere. At the American Heart Association, your contribution matters, and so does your career.

The American Heart Association has an excellent opportunity for a Sr. Cyber Risk Analyst in our National Center office located in Dallas, TX. (Home-based work available)

The Business Technology (BT) Sr. Cyber Risk Analyst is responsible for risk identification and management across the BT department and the overall American Heart Association organization. This position will support the BT Risk Manager in the management and administration of the Cyber/Risk Management program and Governance Risk and Compliance (GRC) processes and tools. .

The primary goal of the BT Risk Management team is to protect the confidentiality, integrity, and availability of American Heart Association 's data. The Sr. Cyber Security Risk Analyst will partner with all appropriate parties which includes, but is not limited to: other departments, service providers, application service providers, technology staff, etc. to help ensure risks are managed appropriately to support the BT Risk Management needs of the American Heart Association.

The Association offers many resources to help you maintain work-life harmonization through your changing needs and life situations. To help you be successful, you will have access to Heart U, our award-winning corporate university, as well as additional training and support, locally.

#TheAHALife is our company culture, our way of life, reflecting our diversity, equity & inclusion, our focus on work-life harmonization and our Guiding Values. Discover why you will Be Seen. Be Heard. Be Valued™ at the American Heart Association by following us on LinkedIn, Instagram, Facebook, X (formerly Twitter), and at heart.jobs.

Responsibilities

Active participation in developing and implementing strategic initiatives for the Cyber Risk Management Program (CRMP). Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.

Enhance Vendor Security Assessment process by collaborating with business and technology stakeholders. Maintain security scorecards and metrics from vendors, corporate functions and affiliated offices. Communicates technical issues to diverse audiences and have knowledge and/or experience in application and infrastructure security, public cloud.

Review and analyzes statistics of network events and system performance to locate and recommend remediation and lead strategies for discovered vulnerabilities.

Assist and partner with the Affiliates on annual PCI Data Security Certification Process.

Support and administer the Governance Risk and Compliance (GRC) Tool surrouding data mapping, cookie consent, privacy consent, third pary risk management and overall risk management.

Will be point of contact to coordinate Technical incident response. Support incident response efforts and conduct post-incident analysis to identify areas for improvement.

Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and meet external regulations, including various data security standards.

Weight business needs against security concerns and articulate issues and options to management. Research and assess new threats and security alerts and recommend remedial action.

Ensures of proper documentation of technology assessment results, and monitors remediation. Deliver all documentation developed during task execution, with status of all work in progress. Create Weekly and Monthly Status Reports, including daily technical task reports, threat management reports, among others.

Support the Business Technology Disaster Recovery process

Want to help get your resume to the top? Take a look at the experience we require:

Qualifications

Bachelor's degree in one of the following areas: Computer Sciences, Computer Engineering, Information Assurance, Information Security and/or Risk Management.

At least 6 years of experience applying information security controls methods, processes and risk management best practices in a Global-International forum.

Proven experience in succesffully implementing PCI DSS framework.

Strong technical information security knowledge to assess various information security and risk management processes and tools.

Experience with Security Controls frameworks (e.g. CobIT, ISO 27001, NIST, PCI DSS, RMF, among others) and knowledge of privacy regulations (e.g. GDPR, CPRA, CPA, etc.)

Able to work effectively in an environment characterized by multi-tasking, fast-paced, lead by multiple projects and conflicting priorities. Multi-level communications and interpersonal skills (including strong documentation skills). Able to effectively communicate security-related concepts to a broad range of technical and non-technical staff; across IT and business.

Information Security Certification(s) preferred, which may include, but is not limited to: CEH, CISSP, PCI ISA, among others

Compensation & Benefits

Expected pay range will be $80,000- $95,000. Pay is commensurate with experience; geographic differentials to the pay range may apply. The American Heart Association reserves the right to pay more or less than the posted range.

The American Heart Association invests in its people. Here are the main components of our total rewards package. Visit Rewards & Benefits to see more details.

Compensation – Our goal is to ensure you have a competitive base salary. That’s why we regularly review the market value of jobs and make adjustments, as needed.

Performance and Recognition – You are rewarded for achieving success by merit increases and incentive programs, based on the type of position.

Benefits – We offer a wide array of benefits including medical, dental, vision, disability, and life insurance, along with a robust retirement program that includes an employer match and automatic contribution. As a mark of our commitment to employee well-being, we also offer an employee assistance program, employee wellness program and telemedicine, and medical consultation.

Professional Development – You can join one of our many Employee Resource Groups (ERG) or be a mentor/mentee in our professional mentoring program. HeartU is the Association’s national online university, with more than 100,000 resources designed to meet your needs and busy schedule.

Work-Life Harmonization – The Association offers Paid Time Off (PTO) at a minimum of 16 days per year for new employees. The number of days will increase based on seniority level. You will also have a total of 12 paid holidays off each year, which includes several days off at the end of the year.

Tuition Assistance - We support the career development of all employees. This program provides financial assistance to employees who wish to further their education and career in relation to their current duties and responsibilities, or for potential future positions in the organization.

The American Heart Association’s 2024 Goal: Every person deserves the opportunity for a full, healthy life. As champions for health equity, by 2024, the American Heart Association will advance cardiovascular health for all, including identifying and removing barriers to health care access and quality.

At American Heart Association | American Stroke Association, our mission is to be a relentless force for a world of longer, healthier lives, regardless of race, ethnicity, gender, gender identity, religion, age, language, sexual orientation, national origin and physical or cognitive abilities. We're committed to ensuring our workforce, workplace culture and mission have a shared impact across a diverse set of backgrounds.

This position not a match with your skills? Click here to see other opportunities.

EOE/Protected Veterans/Persons with Disabilities

Join our Talent Community!

Join our Talent Community to receive updates on new opportunities and future events.

Posted Date 2 months ago (4/29/2024 1:20 PM)

Requisition ID 2024-13159

Job Category Information Technology

Position Type Full Time