Job Description

Roles and Responsibilities:


 


Information Security – Assurance Service
-    Coordinate Information Security support for prospect calls, ensuring swift responses in competitive scenarios.
-    Manage Jira requests, ensuring proper ticket handling and effective communication with stakeholders.
-    Handle initial assignment and reassignment of tickets, ensuring closure and professional engagement with the Security Analyst team.
-    Coordinate Security Assessments (SOC1, SOC2, PCI DSS, etc.) with internal stakeholders and external audit organizations.
-    Communicate effectively with internal business process owners, promptly closing tickets with clear and professional responses.
-    Identify and capture risk concerns, mapping audit evidence to NIST controls.
-    Ensure all activities are properly documented, tickets are communicated professionally, and documentation is organized efficiently.
-    Develop and document processes for the entire team, managing adherence to evolving governance, risk and compliance (GRC) requirements.
-    Experience with GRC tools and other reporting or audit tools, ensuring continuous improvement for the overall Information Security function.
-    Responsible for new hire training and ongoing, up-to-date training for the larger Enterprise security team to meet compliance requirements.
-    Assist with required GRC and audit tasks or activities, such as audit evidence collection (e.g., SOC2, SOC1, PCI).
-    Manage and maintain the information security policies aligned with NIST cybersecurity frameworks.


 


General Responsibilities
-    Organize and update delivery team content on the Information Security page, facilitating access and information sharing for new employees.
-    Organize SharePoint folders for easy access to Service Management information.
-    Review and update the Operating Procedure, ensuring alignment with the team's evolving needs.
-    Update the Assurance section of the weekly Control Report and present relevant information during management calls.
-    Identify ongoing training for team members, stay informed about security conferences, and educate the team on relevant tools.


 


Requirements
-    Strong communication (verbal and written) and presentation skills.
-    Self-starter who can effectively operate at a high level under limited supervision.
-    Bachelor’s/Master’s in Engineering/Cybersecurity or equivalent.
-    CISA, CISM, CISSP certifications would be an added advantage.
-    Knowledge of NIST Risk Management Framework (RMF), and related GRC tools.
-    Ability to prioritize tasks and make quick decisions, with a strong understanding of security controls and governance.
-    3 - 6 years of experience in Information Security or ITGC auditee/auditor function handling complex requests and audit responses.
-    Previous management experience would be a plus.
-    A strong understanding of cybersecurity principles, concepts, and best practices.
-    Familiarity with compliance frameworks or standards such as NIST, GDPR, SOC 1 and SOC 2, and PCI DSS service providers is an added advantage.
-    Ability to understand, prioritize, and escalate tasks to resolve issues quickly and make decisions.
