Job Title : Senior Information Security Analyst
Department : IT Security
Reports To : Manager - Information Security
Job Description :
This role is primarily responsible for performing risk assessments, third-party reviews, internal audits, information security control, and system review and design.
The successful candidate should have broad information security and risk experience, a high degree of professionalism, a friendly and collaborative demeanor, and strong verbal, written, and organizational skills.
This position typically reports to the Manager of Information Security.
Responsibilities include, but are not limited to, the following :
Research, collect and analyze data to perform risk analysis and remediation
Perform reviews of Third Parties to identify risks and potential remediation
Generate reports and executive summaries of Third-Party assessments
Participate in audit functions and perform control effectiveness reviews
Act as part of a team responsible for HID Global security architecture
Prepare security reports by collecting, analyzing, and summarizing data and trends
Review proposed information systems and related technologies
Conduct Information Security internal audits as per the standard & other requirements such as ISO 27001.
Report on key metrics and findings.
Conduct risk assessments on vendors and internal applications.
Collaborate with development and other functional areas to address vulnerabilities within systems / applications.
Stay abreast of related emerging technologies and threats
Other duties as assigned
Minimum 6-9 years of experience in information security risk and compliance
Familiarity with ISO 27001 : 2013, NIST 800 series, NIST CSF, SOC 2, FedRAMP and related risk assessment methodologies
Good knowledge of enterprise network and systems architecture concepts and technologies, including but not limited to an enterprise directory, enterprise integration architecture, and Identity & access management
Thorough knowledge and understanding of security risk assessment on all information systems such as people, process, technology, and information processing facilities
Knowledge of cloud security
Prepare risk assessment report and risk treatment plan.
Conduct Information security awareness sessions to end users / middle management.
Certification such as CISSP / CISA / CISM / CRISC / ISO27001 / AWS Security Cloud Certifications will be an added advantage.
Should be a self-starter and lead the risk analysis in assigned areas with minimum supervision.
Strong technical and / or management background in technical systems / environments.
Strong written and verbal communication skills
Ability to develop good working relationships and excellent interpersonal skills
Capable of working independently and as part of a team.