Options

Anyone working as an IT risk analyst?

dingdangdoo22dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
in IT Jobs / Degrees
Anyone working as an IT risk analyst?
· Share on FacebookShare on Twitter

Comments

  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Im an Information Security Risk Management Sr. Manager, encompassing everything governance, risk, compliance, and audit related, as well as more.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
    · Share on FacebookShare on Twitter
  • Options
    dingdangdoo22dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
    I was going to PM you with a question but see you have it disabled.
    · Share on FacebookShare on Twitter
  • Options
    dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    Can you post your question here if it's not personal? Nice to see good questions I haven't thought of asked and answered.
    · Share on FacebookShare on Twitter
  • Options
    beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    Risk Manager among other duties as assigned or depending on the day. Today's flavor is the annual risk assessment for the organization. Really, an oxymoron unto itself. The industry is in great disagreement with itself.

    - b/eads
    · Share on FacebookShare on Twitter
  • Options
    dingdangdoo22dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
    What sort of stuff do you do on a daily basis in risk, does it require doing up new proccess etc and lots of paperwork?
    · Share on FacebookShare on Twitter
  • Options
    dingdangdoo22dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
    anyone else?
    · Share on FacebookShare on Twitter
  • Options
    McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    Well what someone does on a day to day basis will depend on how their organization manages risk. Some places have many analyst and implement them VERY differently and some places may have just one single risk analyst doing everything (this HIGHLY not recommended though). Where I work we have analysts who are responsible for several packages each, I used to be one of them. A package is a system or collection of systems that all serve the same purpose, for example there may be a group of systems that are used to simulate various tests and output data. Those systems would be considered a package. As an analyst it was my job to oversee and help guide the program managers, system administrators, information systems security officers and user reps through the steps of the RMF.

    There is A TON of paperwork involved with managing risk, in fact some refer to it as "document management" or "excel warrior" and not risk management lol. Most places are implementing the RMF(Risk Management Framework) these days but I have yet to see two places implement it exactly the same, everyone puts their own spin on it.

    So to sum all of that up in a TL;DR version, it depends.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
    · Share on FacebookShare on Twitter
  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Look at frameworks like NIST 800 series and COBIT. It depends on the environment but managing risk requires tons and tons of documentation for everything.
    Security Certification Roadmap
    · Share on FacebookShare on Twitter
Sign In or Register to comment.