Job Title: TPRM R&C Senior Analyst
Position Overview
The TPRM R&C Senior Analyst plays a critical role in safeguarding the organization's technology landscape by proactively identifying, assessing, and mitigating risks across operational, information, and cyber security domains. This role demands a strong analytical mindset, technical acumen, and the ability to collaborate effectively with cross-functional teams to ensure robust risk governance and compliance.
Key Responsibilities
- Vulnerability Management: Lead the identification, tracking, and remediation of vulnerabilities across operating systems and penetration testing outputs. Ensure timely reporting and escalation of unresolved issues.
- Risk Identification & Assessment: Conduct comprehensive assessments to identify emerging threats and risks. Collaborate with stakeholders to drive remediation efforts and monitor progress.
- IT Security Risk Evaluation: Maintain current and accurate risk assessments for infrastructure, applications, and services. Ensure alignment with organizational risk appetite and compliance standards.
- Audit & Compliance Coordination: Facilitate the closure of audit findings by supporting operational teams and ensuring adherence to timelines and regulatory requirements.
- Security Evaluations: Perform in-depth security assessments and evaluations to validate the effectiveness of existing controls and identify areas for improvement.
- Threat Prioritization: Analyze and prioritize vulnerabilities and attack vectors based on potential impact and likelihood, enabling focused mitigation strategies.
- Security Control Oversight: Monitor the implementation and effectiveness of security controls. Develop dashboards and reports to provide visibility into risk posture and control performance.
- Stakeholder Communication: Deliver clear and actionable risk insights to technical and business stakeholders. Provide regular updates on IT risk trends, mitigation plans, and strategic recommendations.
Candidate Profile
- Experience: 23 years of hands-on experience in operational security, risk management, or related disciplines.
- Technical Expertise: Solid understanding of IT security principles, infrastructure security, and risk management frameworks such as NIST and ISO 27001.
- Skills: Proven ability to conduct risk assessments, implement security controls, and manage vulnerability remediation processes.
- Certifications (Preferred): Industry-recognized certifications such as CRISC, CISSP, or equivalent are highly desirable.