Job type: Full-time
Full job description
Overview: This role is based in India (partial remote) as an Information Security Analyst, GRC, reporting to the Sr. Manager, Governance, Risk & Compliance (GRC). It will assist in the management and reporting of all aspects of information security risk management, third-party vendor management, and operational monitoring to ensure that the organization's information security risks are identified, well documented, and remediation plans formalized in a timely fashion.

Responsibilities:
Respond to customer security audits and questionnaires regularly
Responsible for security policy development research and stakeholder input
Partner with internal stakeholders across all business groups to support GRC-related initiatives and communicate back to stakeholders.
Work closely with the security team and partners to ensure that the information security program adheres to industry, government, and organizational standards.
Schedule and perform risk assessments using a defined methodology to identify, document, and communicate control deficiencies in business processes and technology systems or offices.
Partner with the business and technology to socialize security risk findings identified through the risk assessment (e.g., vendor, application, infrastructure).
Bachelor’s degree required.
Bachelor’s degree in STEM preferred but not required.
Combination of adequate education and work experience.
Prior experience conducting internal and external risk assessments and providing guidance to functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items.
Experience attaining and maintaining ISO 27001, SOC 2 Type II, PCI DSS, and other certifications.
High degree of independence and exceptional work ethic, working alone or managing a small team, with a solution-oriented mindset.
Familiarity with core IT and information security technologies.
3-5 years of relevant experience is required.
Knowledge & skill:
Frameworks, regulations, and security control sets: NIST Cybersecurity Framework (CSF), ISO 27001, NIST 800-53, PCI DSS, GDPR, SOX
Security and privacy controls testing experience preferred
General IT knowledge (architecture, networking, operations)
Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
Stakeholder and executive audience engagement and communication
Worked with common business processes and cross-departmental projects
Working familiarity with BCP/DR programs, privacy, and physical security
Exceptional interpersonal, written, and oral communication skills
Certifications or other specialized training such as Security+, CCSK, GSEC, CIPP/x
Preferred: ISO 27001/LI and/or ISO 27001/LA and ISO 27701
Scope of impact:
May formally act as a resource and guide and instruct others incidental to performing work responsibilities.
Has personal responsibility for:
Accurate, timely, and responsive services in specialized areas.
Providing expertise in a technical or administrative capacity.
Work results that typically are not directly verified or checked by others.
Incumbent will perform internal reviews and develop risk management strategies to avoid non-compliance.
Identifies and solves moderately complex procedural issues.
Problems are likely to involve some investigation and data gathering.
Sets priorities to reach goals and makes decisions on quality and accuracy.
Should suggest improvements to existing processes and solutions.
Frequent interaction within work unit on complex matters.
May have frequent customer contacts requiring tact and courtesy in complex situations.
Can identify solutions to non-standard requests.
May have to detail internal risk management matters while satisfying customer requests within the bounds of confidentiality and protecting sensitive data.
Posted 30+ days ago