
Information Security Risk Assessment Analyst (8261506)

  • Independently perform risk-based security reviews of first and third parties at Facebook including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
  • Articulate security findings to internal and external stakeholders including third-party vendors
  • Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
  • Negotiate acceptance of remediation plans and timelines based on criticality of each finding
  • Participate in the development and oversight of corrective actions relating to security issues
  • Compile and report out security risk and operational metrics
  • Participate in cross-functional, team, and status review meetings
  • Recommend process improvement and strategic initiatives as related to security assessment
  • Must have prior experience with first or third-party security assessment
  • In-depth knowledge of security assessment lifecycle
  • Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on cloud platforms, for security deficiencies
  • Ability to identify and assess security risks and recommend mitigating controls
  • Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter
  • Good understanding of the various hacking techniques and the defensive countermeasures
  • Good understanding of the threat landscape as related to vendors
  • Good understanding of cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry
  • Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
  • Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
  • Excellent verbal and written communication skills

Other desirable skills & experience

  • Program and project management skills
  • Risk management frameworks and techniques
  • Threat modeling techniques
  • Software development
  • CISSP, CEH certifications
  • Good grasp of NIST, PCI, ISO, and SOC

Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security
