IS Governance - Sr Analyst/Specialist
Job details
• Work with internal stakeholders – HR, Legal, Delivery Units, Cyber security, Physical Security and other teams globally through the lifecycle of Assurance services. The Assurance services include coordination and support for the following:
  o Audits based on ISO27001:2013, NIST CSF, NIST SP 800-53 and similar applicable standards, policies, laws and regulations
  o Business Impact Analysis
  o GRC, along with Data Privacy/Data Protection, is a must.
  o Third-party risk management, Risk Management
• Continuously enhance frameworks based on learnings and feedback received from every assurance activity
• Coordinate with internal teams on measuring effectiveness of KPIs and track them till closure
• Serve as subject matter expert to address audit and assessment requirements
• Work on information security consulting and security assessment projects with Big 4s
• Lead closure of audit observations via the enterprise risk and issue management process, and work with delivery and enterprise leaders to address audit issues in a timely manner
• Work on requirement gathering for risk management portal enhancements and drive implementation with internal development teams
• Coordinate efforts with internal stakeholders on compliance and documentation for architecture, logic and configurations, including but not limited to maintenance of SOPs, solution documents and access control documents
• Serve as subject matter expert on Cyber analytics tool
• Drive implementation of information security controls along with the IT team and govern through periodic follow-ups and management reporting
• Engage with vendors and customers on ongoing engagements and future requirements with regard to enterprise security controls obligations and improvements
• Participate diligently in status calls and review meetings with the CISO leadership team, and create reports, dashboards and metrics for enterprise security compliance & assurance operations for presentation to the CISO and enterprise leadership
• Review and proactively recommend Information Security metrics and follow up with SPOCs for closure
• Help identify potential threats and vulnerabilities to a company's critical functions and infrastructure, and assess the likelihood and impact of such threats on business operations.
• Develop and deliver security awareness training concerning the programs to staff members

REQUIRED EDUCATION AND EXPERIENCE:
• Bachelor’s / Master’s degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of experience in Information Security Governance.
• CRISC, CISA, ISO27001:2013 Lead Implementer or Lead Auditor certification preferred.
• Hands-on experience conducting ISO27001:2013 Audits or Assessments on Cybersecurity solutions such as EDR/XDR, MDM, DLP, SIEM and similar technologies.
• Experience developing and implementing information security policies, standards, and procedures.
• Knowledge of security frameworks such as ISO 27001, NIST, and SOC 2 Type II Controls.
• Strong understanding of risk management and risk assessment methodologies.
• Ability to communicate technical information to non-technical audiences.
• Strong analytical and problem-solving skills.
• Self-starter with demonstrated initiative and hands-on
• Strong drive with the ability to make things happen. Comfortable in a dynamic environment.
• Good communication skills; experience working with international clients is preferred.