Information Security Analyst-Gurgaon
CWT
Gurgaon, IN
4d ago

Information Security Analyst-Gurgaon-(2100000F)

  • Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices.
  • Support annual security compliance audits (e.g., PCI DSS, SOC 1 / SOC 2, ISO 27001:2013).
  • Support the third-party / vendor security risk assessment process; monitor and report on progress of third-party / vendor security risk treatment activities by business owners.
  • Support the Sales process by participating in customer-initiated security due diligence and / or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers.
  • Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals.
  • Participate in improving the overall Security culture across CWT; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and / or gaps in compliance.
Qualifications

  • 2-4 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.
  • Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
  • Ability to learn quickly, with a willingness to take ownership of new projects and to learn new technologies and methodologies.
  • Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards.
  • Basic understanding of risk assessment methodologies and best practices.
  • Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.
  • Possess or be actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM, CRISC, or their equivalent.