Facebook is seeking an experienced Information Security Assessment Analyst to join the Information Security team. This position will be responsible for conducting security risk assessments against first-party/internal information systems and applications, making reasonable and defensible recommendations, and tracking progress on remediation until closure. An ideal candidate is someone who has technical knowledge of the broad aspects of information security and is able to identify security deficiencies based not on any frameworks or guidelines, but on the actual risk posed to Facebook and its users. This is not a ‘check the box’ or ‘apply compliance standards’ position. This role requires a broad mix of technical and business acumen coupled with polished communication and a strong desire to learn. Some travel may be required.
Security Assessment Analyst Responsibilities
- Independently perform risk-based security reviews of Facebook internal systems, applications, and third-party integrations
- Articulate security findings to a variety of internal stakeholders, both technical and non-technical
- Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
- Negotiate acceptance of remediation plans and timelines based on level of risk associated with a finding
- Responsible for third-party security, vendor access and incident management
- Participate in the development and oversight of corrective actions relating to security issues
- Compile and report out security risk and operational metrics
- Participate in cross-functional, team, and status review meetings
- Recommend process improvement and strategic initiatives as related to security assessment
- Have been driving or engaged in security audits for external vendors or customers


