Information Security Risk Assessment Analyst (8261506)

  • Independently perform risk-based security reviews of first and third parties at Facebook including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
  • Articulate security findings to internal and external stakeholders including third-party vendors
  • Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
  • Negotiate acceptance of remediation plans and timelines based on criticality of each finding
  • Participate in the development and oversight of corrective actions relating to security issues
  • Compile and report out security risk and operational metrics
  • Participate in cross-functional, team, and status review meetings
  • Recommend process improvement and strategic initiatives as related to security assessment
  • Must have prior experience with first or third-party security assessment
  • In-depth knowledge of security assessment lifecycle
  • Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies
  • Ability to identify and assess security risks and recommend mitigating controls
  • Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter
  • Good understanding of the various hacking techniques and the defensive countermeasures
  • Good understanding of the threat landscape as related to vendors
  • Good understanding of cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry
  • Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
  • Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
  • Excellent verbal and written communication skills

Other desirable skills & experience

  • Program and project management skills
  • Risk management frameworks and techniques
  • Threat modeling techniques
  • Software development
  • CISSP, CEH certifications
  • Good grasp of NIST, PCI, ISO, and SOC

Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security
