Talent.com
This job offer is not available in your country.
GRC - Snr Analyst

GRC - Snr Analyst

ConfidentialBengaluru / Bangalore
30+ days ago
Job description

Primary Responsibilities :

  • In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team.
  • You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes.
  • You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels.
  • Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X)
  • Create processes to support effective risk identification, evaluation, communication, and remediation
  • Participate in Risk Management Committee meetings
  • Work with risk owners to develop plans of action to reduce or mitigate risks
  • Analyzes security controls for effectiveness of design by evaluation of control documentation and process
  • Analyzes security controls for operational effectiveness by evaluation of control evidence
  • Contribute to corporate information risk management strategy, policies, standards, and tactical plans
  • Contributes to a comprehensive internal security audit program that validates existing security controls
  • Contribute to the company-wide security awareness program and compliance training
  • Coordinate annual enterprise risk assessment and PCI-self assessment activities
  • Ensure all systems, processes, and changes are formally documented
  • Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance
  • Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership
  • Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders.

Skills / Requirements

Required Knowledge, Skills and Experience :

  • Bachelor s degree in a technology or business-related field (BSc or BBA preferred)
  • 8 years overall experience in Information Security, Risk Management, or IT audit

    • 5 years of hands-on experience supporting one of more of the following programs :

  • Risk Management
  • Vendor Risk Management
  • Security Audits and Compliance (especially SOC2)
  • Vulnerability Management
  • Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
  • Working knowledge of business and risk assessment methodologies / mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001 : 2013, NIST, OWASP, etc.)
  • Very high attention to detail, with strong skills in managing / presenting data and information
  • Very strong skills in documentation, including policies, standards, processes and procedures
  • Ability to work independently and productively without constant supervision
  • Critical thinking and analytical ability
  • Excellent verbal and written communication skills

    • Preferred Knowledge, Skills and Experience :

  • Certification such as SANS GIAC, CISA, or CISSP preferred
  • Previous experience in a software development company is preferred
  • Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)

    • Skills Required

    Grc, Audit, Compliance, Vendor Risk Management

    Create a job alert for this search

    Grc Analyst • Bengaluru / Bangalore