Job Opening: Security & Risk Analyst

Why work at STORIS? STORIS is proud to be recognized among the 2022 Top Workplaces in New Jersey by NJ.com and Jersey’s Best!

Are you looking to build a dynamic career at a company that values growth opportunities and a commitment to individual development? STORIS Inc. is an award-winning, modern technology company focused on in-store, mobile, and eCommerce solutions for home furnishing retailers. We are a thriving ERP retail software and service provider dedicated to career development in a fun, family-oriented environment with an outstanding company culture.

STORIS currently has an opening for a Security & Risk Analyst to establish, implement and oversee all company security initiatives, focusing on risk assessment and mitigation in our Mount Arlington, NJ corporate headquarters.

The successful candidate will protect the company’s hardware, software, networks, and data from potential threats. The Security & Risk Analyst will fully understand the IT infrastructure, monitor it at all times and identify and address vulnerabilities that create potential risks to our information security and that of our customers. Active experience and knowledge of Cyber Security, Risk & Compliance (CSRC) which includes, risk management, compliance management, third-party risk assessments, and security awareness, are a must.

Responsibilities:

• Work directly with STORIS’ Qualified Security Assessor on company security certification initiatives, including upcoming requirement changes and new certifications
• Attain personal security certifications, as requested by the Chief Security Group
• Work with third-party finance providers on the completion of compliance examination questionnaires and reviews
• Perform on-site compliance reviews at the company’s third-party host provider locations
• Effectively manage a given budget for STORIS’ security objectives, while maintaining a diligent watch over other budgetary concerns such as hardware costs, certifications costs, and expenses and incidentals that occur during a budget cycle
• Coordinate staff when responding to emergencies and alarms
• Review reports on incidents and breaches, investigate and resolve issues to mitigate network threats and other security risks and create reports on security status
• Conduct regular audits and testing to identify and control gaps in relation to technology processes, applications, information security, internal policies, and address vulnerabilities and compliance
• Consulting with key stakeholders to ensure consistency and best practices
• Develop and manage all Security Policy/Guidelines, standardization, awareness, implementation, training and execution of related policies
• Assist with the design, configuration, and installation of network security products
• Research the latest in information security trends to keep up to date with the subject and use the latest technology to protect digital assets
• Guide engineering and product teams through risk remedy plans, identify process improvements and efficiencies and ensure technology process controls
• Partner with internal teams to understand their business processes, how they manage risks, respond/advise on compliance needs and concerns and resolve issues
• Uphold awareness of industry best practices for data maintenance handling
• Stay current on ADA policies and requirements related to website compliancy

Areas of focus include:

• Risk & Compliance
• Identity & Access Management
• Data Protection
• Incident Response
• Security Architecture

Basic Qualifications:

• Excellent knowledge of security protocols and procedures
• Solid understanding of budgeting and statistical data analysis
• Advanced knowledge of MS Office
• Experience conducting Security Gap Assessments, force protection planning, and threat modeling
• Progressive knowledge of Advanced Persistent Threat (APT) actors and/or other stealthy threat actors and how to obstruct them
• Deep understanding and demonstrated experience of end-to-end risk management lifecycle, including key components and their relationships with internal and external stakeholders
• Demonstrated experience responding to requests from internal and external auditors, and/or leading audit activities
• Proven experience designing, implementing, and enhancing engineering security risk management processes with alignment to policies, standards, procedures, and frameworks
• Proactive and self-motivated with the ability to drive results
• Excellent organizational skills and the ability to prioritize multiple tasks, projects, and assignments
• Excellent communication skills and the ability to interact with all levels including engineers, executives, and senior managers
• Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems, or related field or equivalent work experience in Information Security or IT Risk Management
• Certified Information Systems Security Professional (CISSP) designation and CompTIA
• Cybersecurity Analyst (CySA+) certification a plus

Preferred Qualifications:

• Familiarity with privacy laws, data protection/security regulations, and frameworks, such as SOC1, SOC 2, BITS, COBIT, and ISO27001
• Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.)
• Excellent communication, listening, and facilitation skills
• Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles
• Able to represent the Chief Security Group in assessments and/or audits of applicable systems, processes, and general certifications. Interpret results, develop, and communicate recommendations to management.
• Able to identify and document specific security issues, propose resolution options, and interpret matters from all involved departments.

STORIS offers a competitive compensation package, excellent benefits including medical, dental, vision, 401(k), and annual profit sharing. STORIS focuses on creating a positive and friendly work environment. Additionally, employees enjoy a hybrid work-from-home and in-office schedule, fun team-building events, a wellness program, modern, renovated office space featuring a spacious kitchen with complimentary snacks, beverages, hot & cold brewed coffee, and much more!

STORIS is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, age, marital status, political affiliation, sexual orientation, gender identity, genetic information, disability or protected veteran status. We are committed to providing a workplace free of any discrimination or harassment.