Senior Security Risk Analyst (Risk Management)
Zynga is currently seeking a Security Risk Analyst to focus on today’s evolving cyber security threats. Collaborating with the Manager of Governance, Risk & Compliance, you will be responsible for conducting risk assessments, monitoring, and reporting, collaborating with key partners in identifying risk, and providing requirements for mitigation efforts. You will ensure that policy and compliance documentation, requirements and controls are accurately and promptly identified, mapped and reported for the organization to increase security posture. Additionally, you will ensure that data, assessment information, and GRC program information are kept up to date. You will work closely with other members of the Security Team to support security administration tasks and security projects.
- Provide Information Security Program and Risk Management support by defining key risk indicators, gathering metrics, and analyzing the efficiency of information security programs and policies.
- Track and manage risk by designing and maintaining a risk register and linking it to responsible groups within the organization and the critical assets list.
- Interface with staff from various groups presenting security issues and responding to requests for assistance and information.
- Propose new standards, tools, policies and procedures to improve security, compliance and risk management activities.
- Identify, assess, measure and monitor information technology risk by performing hands-on risk assessments.
- Identify and communicate recommended security and control deficiencies for business units.
- Maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined compliance baselines.
- Develop, document, maintain and support the risk management program in line with information security policy, practices and leading industry standards.
- Understand security risks pertinent to the company's business goals and technology infrastructure and support an enterprise information security risk program to identify, assess and respond to risks.
- Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with overall information security objectives and risk tolerance.
- Work with technology and business teams to develop and detail risk mitigation action plans, along with recommendations to reduce risks within their areas.
- Conduct quantitative and qualitative risk assessments and help to analyze risk tools, processes, and other resources to enable decision making and aid in risk mitigation.
- Continuously review program risk data to build an overall view of program risk based on individual discrete risk elements and coordinate risks.
- Solid understanding of security control frameworks
- Investigate and recommend corrective actions for data security related to established guidelines
- Work with division leaders and team members to implement GRC procedures and controls that are vital to ensure and protect the safety and security of information systems assets, including prevention of intentional or inadvertent access, modification, disclosure, or destruction
- Develop and maintain governance, risk management and compliance (GRC) programs related to system and data protection efforts across the company
- Develop, track and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
- Assess, document, and report security risks and control gaps. Collaborate with internal groups to direct compliance issues to appropriate channels for investigation and resolution.
- Minimum of 4 years of experience in Information Security
- Minimum of 4 years of risk management experience
- Strong ability to manage and report on multiple projects, prioritizing efforts, managing time effectively, and requiring minimal direction in the execution
- Proven problem solving, analytical and investigative skills combined with the ability to develop creative solutions and navigate through ambiguity in a fast-paced, agile environment
- Awareness of best practices, information security risk management, and industry trends
- Proven team player, collaborating well with others to tackle problems in a team-focused dynamic
- Excellent writing and communication skills, as well as strong interpersonal and relationship building skills
Recommended Skills, Experience and Certifications
- Professional information security related certifications (CISSP, CISM, CISA, GIAC or equivalent)
- Experience in social media, technology, and/or gaming industry
What we offer you
- Zynga Stock RSUs and Bonus Plan
- Full medical, dental, vision benefits as well as life insurance
- Offices provide catered lunch daily
- Generous Paid Maternity/Paternity leave
- Open vacation policy for many employees
- Flexible working hours on many teams
- Casual dress every single day
- Work with cool people
Zynga is an equal opportunity employer. We are proud of our broad community; we do not discriminate on the basis of race, sex, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome job-seekers, players, employees, and partners from all backgrounds. Join us!
We will consider all qualified job-seekers with criminal histories in a manner consistent with applicable law.
Zynga is committed to providing reasonable accommodation to applicants with disabilities. If you need an accommodation during the interview process, please let us know.