Senior Information Security Analyst

Senior Information Security Analyst

Wilmington, DE

Monday – Friday 8:00 am – 5:00 pm

Remote

The Information Technology Risk Oversight (ITRO) function, within CSC Legal, Risk & Compliance Global Shared Services, is seeking to expand its dynamic second-line IT risk oversight team with the addition of a Senior Information Security Analyst.

This role is a key component of the broader Risk Management and Governance frameworks and will play a pivotal part in the continued maturation and embedding of the Enterprise Risk Management (ERM) framework. The position will focus on the oversight and management of current and emerging risks across Technology, Data, Cyber, and Artificial Intelligence (AI).

The role is suited for an Information Security professional with proven second/third line oversight experience in Technology risk management and/or Technology audit in financial services. The successful candidate must have subject matter expertise in InfoSec and Cyber risk and the ability handle a variety of Tech/Cyber assurance projects across various domains.

Some of the things you’ll be doing:

• Promote good risk management practices and governance across the organization in line with CSC Enterprise Risk management Framework (ERMF). This includes close cooperation with Enterprise Security and Business Unit technology teams.
• Ensure enterprise risk management requirements are incorporated into enterprise and product governance forums and provide independent challenge to technology and business leaders on risk posture.
• Provide risk advisory for new product launches, technology and AI adoptions and vendor integrations
• Support and guide risk and control owners during initial control design of in-house and third party applications and emerging technologies including AI
• Support and drive compliance with regulatory expectations.
• Provide 1 st line teams with the necessary tools (policy, standards, templates, advice and guidance) to embed a structured, consistent way of risk identification, evaluation, monitoring and reporting across Cyber Security, Technology, Data and AI risk taxonomies.
• Participate and/or facilitate IT & cyber risk assessments and deep dives across key systems and applications including third party systems and SaaS solutions
• Partner with Enterprise Security and BU Technology teams to ensure risks are properly recorded, tracked and remediated in CSC global GRC tool.
• Participate and drive the development of risk action and mitigation plans including root cause analysis.
• Promote and support the development of appropriate control frameworks to ensure Cyber security, Technology, Data and AI risks are managed responsibly
• Driving firm-wide risk policy enhancements, consistent distribution of the policies, oversight of policy implementation