Title: Senior Analyst - IT Security GRC
Requisition ID: 5477
Location: Thane, MH, IN, 400604
Business Unit / Group Function: Information Technology
Work Arrangement: Onsite
Level of Experience: Executive
He / She will
- Implements security controls and a risk assessment framework that align with requirements, ensuring documented and sustainable compliance.
- Evaluates risks and develops security standards, procedures, and controls to manage risks.
- Implements processes such as GRC (governance, risk and compliance) to automate and continuously monitor information security controls, exceptions, and risks. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Reviews and updates security controls and provides support to all stakeholders, covering internal assessments, regulations, and the protection of Personally Identifying Information (PII) data.
- Performs and investigates internal and external information security risk and exceptions assessments. Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Trains, guides, and acts as a resource on security risk assessment functions to other departments.
- Specific Education: Any Graduate or Master's degree
- Experience: 5 to 10 years
- Profound knowledge of governance, risk assessment, information systems auditing, monitoring, controlling, and assessment processes.
- Ability to maintain effective working relationships with service providers, project teams, and internal IT and business departments, with strong communication skills and a strong ability to deal constructively with conflicting targets beyond own or team reporting line.
- Business-fluent English and intercultural skills to lead/interact with team members or vendor counterparts in foreign countries.
- Knowledge of IT service delivery. Knowledge of all ITIL processes. CISA, NIST certification would be preferred.
Skills: Risk Assessment, ITIL Processes, NIST, Controlling, CISA, Governance, Monitoring, IT Service Delivery
Experience: 5.00-10.00 Years