Information Security Risk Analyst

About Cast & Crew 
We grew from a modest small business in 1976 to be the premiere provider of entertainment technology and solutions, staying true to our mission of modernizing content production and leading the digital transformation within the industry. Our cloud-based solutions and industry expertise help streamline the entire production lifecycle and have revolutionized how content is made. We now have a global workforce across a host of storied brands, spanning all areas of produced and live entertainment, from film, television, streaming, to advertising, live events, and short-form. 

Information Security Risk Analyst

Regular Full-Time

Position Overview:

The Information Security Risk Analyst is responsible for assessing all information risks and facilitating remediation of identified vulnerabilities for the Information Security Office and IT risk across the enterprise. This highly analytical individual will be responsible for leading program maturity efforts and initiatives in collaboration with operations and engineering departments.

The Information Security Risk Analyst should have experience with risk and compliance tools, audits including SOC 1 and SOC 2, and vulnerability remediation. A desire to innovate and stay current on security technologies is also required.

Core Responsibilities

• Participating in risk assessments and audits by collecting and analyzing documentation, statistics, evidence, and reports.
• Developing and maintaining security documentation such as policies, standards, and procedures
• Establishing policies and procedures to identify and address risks in the organizations services and departments.
• Information gathering and interviewing of internal resources to complete third-party security questionnaires.
• Leading third-party vendor assessments utilizing risk-scoring tools.
• Maintaining internal risk scores by managing vulnerability remediation.
• Advising internal lines of business, IT partners, and 3rd parties on how to remediate technical security issues and verify remediation activities.
• Reviewing and assessing risk management policies and protocols; making recommendations and implementing modifications and improvements.
• Monitoring and reporting on internal control effectiveness.
• Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.
• Reviewing and analyzing metrics and data such as vulnerability scan reports and cybersecurity risk scoring tools.
• Drafting and presenting risk reports and proposals to executive leadership and senior staff.
• Performing other duties as directed

Key Qualifications

Total experience of 5+ years in Information Security with experience in the following:

• Audits and risk management
• Third-party security assessments
• Documentation and creation of policies, procedures, and runbooks
• Vulnerability remediation

Communications:

• Excellent oral communication skills and is comfortable in group or small team settings
• Excellent written communication skills
• Ability to take highly technical material and present\communicate it to a non-technical audience

Relationship Building:

• Builds excellent working relations with all IT colleagues and users, works effectively with department and executive management, and maintains a professional relationship with outside clients

Planning, Organizing, Prioritizing, Delivering:

• Exhibits mature organization and time management skills
• Excellent problem-solving skills
• Excellent documentation, communications, and interpersonal skills.
• Effectively plans and organizes daily work following priorities set by the Security manager and help desk tickets when appropriate
• Demonstrates strong follow-up and follow-through skills in ensuring timely completion of projects
• Self-starter who actively takes responsibility to resolve technical problems but also knows when to ask questions to avoid major delays in delivery of work product

Knowledge of: 

• Vulnerability scanners and risk-scoring tools
• Audits including SOC 1 type 2, SOC 2 type 2, and internal audits
• Risk management best practices
• Information gathering and reporting
• Experience implementing and supporting security technology such as risk management, GRC, and vulnerability management tools

Skill In: 

• Using commercial and open-source risk management, GRC, and security tools
• Knowledge of auditing best practices
• Advising on vulnerability remediation
• Writing technical documentation
• Communicating risk management needs to other departments and management
• Working as part of a team
• Experience in the Entertainment Industry is a plus

Preferred Qualifications

One or more of the following certifications is preferred:

• CISSP
• CRISC
• Vendor Certifications (e.g., AWS/Azure)
• GIAC/ GSEC
• CISA

Special Work Conditions         

• Sedentary - Involves sitting most of the time but may involve walking or standing for brief periods of time. Some positions may entail exerting up to 30 lbs. of force occasionally and/or a negligible amount of force to lift, carry, push, or pull.