Anyone working as an IT risk analyst?
dingdangdoo22
Anyone working as an IT risk analyst?
Comments
JoJoCal19
I'm an Information Security Risk Management Sr. Manager, encompassing everything governance, risk, compliance, and audit related, as well as more.
dingdangdoo22
I was going to PM you with a question but see you have it disabled.
dizzy_kitty
Can you post your question here if it's not personal? Nice to see good questions I haven't thought of asked and answered.
beads
Risk Manager among other duties as assigned or depending on the day. Today's flavor is the annual risk assessment for the organization. Really, an oxymoron unto itself. The industry is in great disagreement with itself.
- b/eads
dingdangdoo22
What sort of stuff do you do on a daily basis in risk? Does it require doing up new process etc. and lots of paperwork?
dingdangdoo22
Anyone else?
McxRisley
Well, what someone does on a day to day basis will depend on how their organization manages risk. Some places have many analysts and implement them VERY differently and some places may have just one single risk analyst doing everything (this is HIGHLY not recommended though). Where I work we have analysts who are responsible for several packages each; I used to be one of them. A package is a system or collection of systems that all serve the same purpose; for example, there may be a group of systems that are used to simulate various tests and output data. Those systems would be considered a package. As an analyst it was my job to oversee and help guide the program managers, system administrators, information systems security officers and user reps through the steps of the RMF.
There is A TON of paperwork involved with managing risk; in fact some refer to it as "document management" or "Excel warrior" and not risk management lol. Most places are implementing the RMF (Risk Management Framework) these days but I have yet to see two places implement it exactly the same; everyone puts their own spin on it.
So to sum all of that up in a TL;DR version, it depends.
TechGuru80
Look at frameworks like NIST 800 series and COBIT. It depends on the environment but managing risk requires tons and tons of documentation for everything.