Job Summary:

The Information Vulnerability and Risk Analyst will be responsible for protecting SSRS systems and information assets against unauthorized access, modification, or destruction. The incumbent implements policies and procedures, tracks compliance throughout the organization in alignment with ISO 27001 requirements, and works with department managers to determine the needs of individual business units. The Information Vulnerability and Risk Analyst will serve as the subject matter expert (SME) and Ambassador for SSRS’ cybersecurity program. This position will report directly to the Vice President of Information Systems.

Position Responsibilities:

  • Provide subject matter expertise on the topics of Information and Cybersecurity, ISO 27001, GDPR, TCPA, CCPA, HIPAA
  • Research and remain familiar with new Consumer Privacy laws as they relate to data collection and processing
  • Stay current on industry trends and best practices, specifically as they relate to Information Security
  • Serve as the primary point of contact for SSRS’ information security
  • Monitor, analyze and interpret data from SSRS’ Security Information and Event Manager (SIEM) to detect vulnerabilities; formulate and prioritize recommendations and report network anomalies to the IT Engineering team for remediation
  • Utilizing a strong knowledge of security technologies and protocols, partner with SSRS’ IT team to ensure the security of SSRS’ electronic systems and data
  • Identify information system weaknesses and deficiencies and provide follow up to confirm the deficiencies have been addressed
  • Perform security investigations relating to data breach or detected network anomalies
  • Coordinate activities and project tasks related to SSRS’ Information Security Management System (ISMS), including documentation, delegation and follow up, and facilitating team or project meetings
  • Conduct annual internal audits, as they relate to ISO 27001, and document findings where deviations exist
  • Prepare for and conduct compliance activities in accordance with ISO 27001 external audit and certification
  • Create security reports for SSRS’ executives to support risk management decisions
  • Identify potential problems or shortfalls in SSRS’ implementation of cybersecurity policies
  • Create and conduct IT Risk and Compliance assessments with SSRS’ vendors and third parties on an annual basis
  • Respond to IT Risk and Compliance assessments from SSRS’ vendors
  • Assist in development and execution of information security, compliance and risk best practices through audits, assessments, and policy making


Skills and Qualifications:

  • Knowledge of ISO 27001, NIST 800-53, GDPR, TCPA, CCPA, HIPAA
  • Bachelor’s degree in Cybersecurity and Risk Management
  • Excellent written and verbal skills, with the ability to communicate clearly in non-technical language with all employees, up to and including executive-level staff
  • Detail-oriented, with the ability to document procedures and establish SOPs
  • Strong decision-making skills
  • Strong organizational and project management skills, as well as high attention to detail
  • Must be a self-starter and able to independently move projects forward, prioritize tasks and meet deadlines
  • Possesses analytical skills to analyze metrics and create/maintain reports and databases



Equal Opportunity Employer, including disabled and veterans.