Information Security Risk Analyst

Waltham, MA, United States

Commonwealth Financial Network

The largest privately held RIA-independent broker/dealer ranking highest in advisor satisfaction. We are the RIA-B/D that puts you first.


Overview

If you’re looking for a high-energy, inclusive atmosphere and a company that understands the importance of work/life balance, Commonwealth is your match! From generous bonus and 401(k) programs to tuition reimbursement and flexible work schedules, Commonwealth is focused on helping its employees thrive in an environment suited to their needs. On top of all that, the Information Security department offers a hybrid work schedule, so you’ll be able to work from home for part of the week!

 

We’re looking for an information security risk analyst to join our ranks. Do you have a passion for information security and risk management? Are you a risk professional and leader seeking a challenge within a growing business? Our high-performance Information Security Governance, Risk and Compliance (GRC) team is looking for a service-focused individual to support the implementation of our framework and drive effective security risk management.

 

This is a new role within a recently formed team that is revolutionizing how our organization identifies, assesses, manages, and monitors information security risk. You will work closely with other members of the Information Security and Technology teams to ensure continuous operational success.

 

Key Responsibilities

  • Collaborating with our Security GRC Manager and Risk Lead on projects and assessments.
  • Supporting development and maintenance of the operational risk management framework, policies, and procedures that guide the organization's approach to managing operational and tactical security risk for the business, integrating with internal IT risk and ERM processes.
  • Developing an approach and framework for implementing Risk-as-a-Service: conducting risk assessments for the advisor estate, leveraging solutions and automation to support threat and risk identification, and supporting the risk management process for advisor consumption.
  • Providing support for capability and risk assessments, threat identification and reporting, and recording data in our risk management platform.
  • Performing security assessments and workshops for new and existing IT services, architecture, technologies, equipment, processes, and procedures; identifying weaknesses in controls or solutions and recommending appropriate resolutions.
  • Evaluating the effectiveness of existing security controls and safeguards and recommending enhancements to mitigate identified risks.
  • Creating key performance and risk indicators to identify organizational security monitoring metrics.
  • Identifying, assessing, and measuring changes in the internal and external risk landscape; supporting reprioritization, improvement, and pivoting of security programs.
  • Researching and documenting key required regulations; assisting with internal and external audits.
  • Contributing to additional governance-related activities, such as program tracking and information security program management, executive reporting, developing project requirements, forecasting costs, and continuously improving processes.

Core Strengths and Skills

  • 2-3 years of experience in information security risk management and/or audit experience in cyber risk management, preferably at a Big 4 firm or in the insurance and financial services industry.
  • Solid knowledge of and interest in technology, with a basic understanding of networks and network security.
  • Strong understanding of information security principles, practices, and technologies, including risk assessment methodologies, security controls, and regulatory requirements (e.g., NIST 800-30, FAIR).
  • Experience conducting risk assessments, developing risk management frameworks, and implementing risk mitigation strategies.
  • Experience working with internal or external auditors.
  • Strong communication and interpersonal skills with the ability to collaborate effectively with cross-functional teams and stakeholders.
  • Flexible, reliable, and dependable. Focused and able to follow direction.
  • Professional demeanor, including strong writing and oral communication skills.
  • Can work independently to deliver on projects, as well as collaboratively with the team.
  • Willingness to learn quickly and independently; take charge of completing projects with minimal supervision.
  • Thinks outside the box, challenging current processes (where applicable) to innovate and identify improvement opportunities.

Additional Skills and Knowledge

  • Relevant IT/cybersecurity certifications are a plus.
  • IT risk analysis and business risk profile preparation experience.
  • Finance or writing project management skills are a plus.
  • Understanding of risk register and remediation tracking management.
  • Experience working within an IT controls framework and evaluating related risks.
  • Excellent knowledge of information security and related principles.
  • Exceptional computer skills and experience with Microsoft Office (Word, PowerPoint, Excel) are a must.
  • Basic knowledge of relevant federal and state compliance regulations (e.g., SEC, FINRA, CCPA, MA 201 CMR 17, NYDFS) and their relevance from an information security perspective.
  • Familiarity with information technology standards and publications of best practice guidelines for computer security (e.g., IT Handbook, ISO/IEC, NIST, CIS).
  • Knowledge of risk identification, quantification, and reporting processes.

Have we piqued your curiosity? Can you see yourself thriving in this opportunity? 

 

Picture Yourself Here  

At Commonwealth, we believe in a better world. We hold ourselves and each other to higher standards. We take care of one another. That’s why we invest in you—we encourage employee growth both in your career and education; we are building out a robust diversity, equity, and inclusion program; we offer incredible healthcare benefits; and we find plenty of occasions to celebrate. What’s not to love? 

 

We are always striving to be better, and we are looking for employees who share that same mindset. Better people, better coworkers, better leaders, better creators. Bring your best work and your full self to the table, and we will do the same. Together, we can build a better future for our advisors, their clients, our company, and you. 

  

About Commonwealth  

Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. Privately held since 1979, the firm has headquarters in Waltham, Massachusetts, and San Diego, California.  

  

Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, which has earned us 44 Best Place to Work awards.   

  

The Fine Print  

We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.  

  

Commonwealth is an equal opportunity employer, making intentional efforts to source talent from all backgrounds.  

Salary range: USD $82,800.00/Yr. (min) to USD $99,300.00/Yr. (max)

Tags: Audits Automation CCPA Compliance Finance Governance Monitoring Network security NIST Risk analysis Risk assessment Risk management RMF Security assessment

Perks/benefits: 401(k) matching Career development Flex hours Gear Salary bonus Startup environment Team events

Region: North America
Country: United States