  1. Junior Member
    Join Date
    Dec 2014
    Posts
    7
    #1

    Anyone working as an IT risk analyst?

    Anyone working as an IT risk analyst?

  3. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,632

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security, MSISA, BSBA
    #2
    I'm an Information Security Risk Management Sr. Manager, encompassing everything governance, risk, compliance, and audit related, as well as more.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up: eJPT, eCPPTv2, OSCP
    Studying: Code Academy (CLI, Git, Python), eLearnSecurity PTSv3

  4. Junior Member
    Join Date
    Dec 2014
    Posts
    7
    #3
    I was going to PM you with a question but see you have it disabled.

  5. Member dizzy_kitty's Avatar
    Join Date
    Jun 2016
    Location
    US
    Posts
    88

    Certifications
    Security+, CEH, PMP, ACP, CCNA, CTFL, Cloud+
    #4
    Can you post your question here if it's not personal? Nice to see good questions I haven't thought of asked and answered.

  6. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,388

    Certifications
    CISSP-ISSAP, HCISPP, GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #5
    Risk Manager among other duties as assigned or depending on the day. Today's flavor is the annual risk assessment for the organization. Really, an oxymoron unto itself. The industry is in great disagreement with itself.

    - b/eads

  7. Junior Member
    Join Date
    Dec 2014
    Posts
    7
    #6
    What sort of stuff do you do on a daily basis in risk? Does it require doing up new processes etc. and lots of paperwork?

  8. Junior Member
    Join Date
    Dec 2014
    Posts
    7
    #7
    Anyone else?

  9. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    398

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CPT+, CASP, CSAE, CNSP, CNVP, C|EH, OSCP, Splunk Certified Admin
    #8
    Well, what someone does on a day-to-day basis will depend on how their organization manages risk. Some places have many analysts and implement them VERY differently, and some places may have just one single risk analyst doing everything (this is HIGHLY not recommended though). Where I work we have analysts who are responsible for several packages each; I used to be one of them. A package is a system or collection of systems that all serve the same purpose. For example, there may be a group of systems that are used to simulate various tests and output data. Those systems would be considered a package. As an analyst it was my job to oversee and help guide the program managers, system administrators, information systems security officers and user reps through the steps of the RMF.

    There is A TON of paperwork involved with managing risk; in fact, some refer to it as "document management" or "excel warrior" and not risk management lol. Most places are implementing the RMF (Risk Management Framework) these days, but I have yet to see two places implement it exactly the same; everyone puts their own spin on it.

    So to sum all of that up in a TL;DR version, it depends.

  10. Senior Member
    Join Date
    May 2013
    Posts
    1,483

    Certifications
    CISSP, CISA, GWAPT, GSEC
    #9
    Look at frameworks like the NIST 800 series and COBIT. It depends on the environment, but managing risk requires tons and tons of documentation for everything.