Senior Analyst - Information Security

2-5 Years

Save

Early Applicant

Job Description

Description

Roles and Responsibilities:

Information Security – Assurance Service

Coordinate Information Security support for prospect calls, ensuring swift responses in competitive scenarios.
Manage Jira requests, ensuring proper ticket handling and effective communication with stakeholders.
Handle initial assignment and reassignment of tickets, ensuring closure and professional engagement with the Security Analyst team.
Coordinate Security Assessments (SOC1, SOC2, PCI DSS, etc) with internal stakeholders and external audit organizations.
Communicate effectively with internal business process owners, promptly closing tickets with clear and professional responses.
Identify and capture risk concerns, mapping audit evidence to NIST controls.
Ensure all activities are properly documented, tickets are communicated professionally, and documentation is organized efficiently.
Develop and document processes for the entire team, managing adherence to evolving governance, risk and compliance (GRC) requirements.
Experience with GRC tools, and other reporting or Audit tools, ensuring continuous improvement for the overall Information Security function.
Responsible for new hire training and ongoing, up-to-date training for the larger Enterprise security team to meet compliance requirements.
Assist with required GRC and audit tasks or activities such as assisting with audit evidence collection e.g., SOC2, SOC1, PCI, etc.
Manage & maintain the information security policies aligned with NIST cybersecurity frameworks.

General Responsibilities

Organize and update delivery team content on the Information Security page, facilitating access and information sharing for new employees.
Organize SharePoint folders for easy access to Service Management information.
Review and update the Operating Procedure, ensuring alignment with the team's evolving needs.
Update the Assurance section of the weekly Control Report and present relevant information during management calls.
Identify ongoing training for team members, stay informed about security conferences, and educating the team on relevant tools.

Requirements

Strong Communication (Verbal and Written) and presentation skills.
Self-starter that can effectively operate at a high level under limited supervision.
Bachelor's/Master's in Engineering/Cybersecurity or equivalent.
CISA, CISM, CISSP certifications would be an added advantage.
Knowledge of NIST Risk Management Framework (RMF), and related GRC tools.
Ability to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.
2 - 5 years of experience in Information Security or ITGC auditee/auditor function handling complex requests and audit responses.
Previous management experience would be a plus.
A strong understanding of cybersecurity principles, concepts, and best practices.
Familiarity with compliance frameworks or standards such as NIST, GDPR, SOC 1 and SOC 2, and PCI DSS service providers is an added advantage.
Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions.