Description

Category: 08

Reports To: Enterprise Security Officer

Primary Functions: Implement and maintain the Information Risk Management Program.

Duties and Responsibilities:
Develop and maintain an information risk assessment schedule for all information assets.
Work with departments to identify and categorize areas of information risk involving member information, confidential data, IT systems and processes.
Assist in gathering risk-related data from internal and external resources.
Prepare information risk assessments based on the Information Risk Management Program guidelines.
Direct and coordinate efforts to formulate risk mitigation plans based on the findings in the assessments.
Track, measure, and report on the status of risk mitigation efforts based on the mitigation plans.
Produce and provide reports and presentations that outline findings, explain risk positions and recommend changes.
Assist in the development of policies and procedures to integrate risk management practices into daily operations.
Recommend ways to effectively manage or reduce information risk.
Perform other duties as assigned.

Requirements

Education: Bachelor's Degree in Information Technology, or a related field; or the equivalent in education and work experience. 5 years' experience in IT auditing, information security or systems risk management, or related field.

Creditable Experience in Lieu of Education: Not Applicable

Experience/Skills:
Working knowledge of the components of risk management, including risk processes, risk quantification, governance and reporting, and technology and systems.
Working knowledge of Information Security controls and risk management practices such as COBIT, ISO, PCI and NIST standards.
Strong business analytical, verbal, and written communications skills.
Self-starter with ability to work independently and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail.
CISA or CRISC Certification or equivalent desired.

Tenure: Assignment to the Information Risk Analyst I category 09 or Information Risk Analyst II category 08 will be determined by the candidate’s education or experience. Advancement requires management recommendation and will be based on the candidate’s certifications and/or performance.