Anyone working as an IT risk analyst?
dingdangdoo22
Member Posts: 8 ■□□□□□□□□□
Comments
-
JoJoCal19 Mod Posts: 2,835 Mod
I'm an Information Security Risk Management Sr. Manager, encompassing everything governance, risk, compliance, and audit related, as well as more.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
I was going to PM you with a question but see you have it disabled.
-
dizzy_kitty Member Posts: 95 ■■■□□□□□□□
Can you post your question here if it's not personal? Nice to see good questions I haven't thought of asked and answered.
-
beads Member Posts: 1,533 ■■■■■■■■■□
Risk Manager among other duties as assigned or depending on the day. Today's flavor is the annual risk assessment for the organization. Really, an oxymoron unto itself. The industry is in great disagreement with itself.
- b/eads -
dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
What sort of stuff do you do on a daily basis in risk? Does it require doing up new processes etc. and lots of paperwork?
-
McxRisley Member Posts: 494 ■■■■■□□□□□
Well, what someone does on a day-to-day basis will depend on how their organization manages risk. Some places have many analysts and implement them VERY differently, and some places may have just one single risk analyst doing everything (this is HIGHLY not recommended though). Where I work we have analysts who are responsible for several packages each; I used to be one of them. A package is a system or collection of systems that all serve the same purpose; for example, there may be a group of systems that are used to simulate various tests and output data. Those systems would be considered a package. As an analyst it was my job to oversee and help guide the program managers, system administrators, information systems security officers and user reps through the steps of the RMF.
There is A TON of paperwork involved with managing risk; in fact some refer to it as "document management" or "excel warrior" and not risk management lol. Most places are implementing the RMF (Risk Management Framework) these days, but I have yet to see two places implement it exactly the same; everyone puts their own spin on it.
So to sum all of that up in a TL;DR version, it depends.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
Look at frameworks like NIST 800 series and COBIT. It depends on the environment but managing risk requires tons and tons of documentation for everything.