Location
Bangalore | India
Job description
The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information.
Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls.
Â
Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance.
Primary Responsibilities:
- In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team.
- You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes.
- You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels.
- Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X)
- Create processes to support effective risk identification, evaluation, communication, and remediation
- Participate in Risk Management Committee meetings
- Work with risk owners to develop plans of action to reduce or mitigate risks
- Analyzes security controls for effectiveness of design by evaluation of control documentation and process
- Analyzes security controls for operational effectiveness by evaluation of control evidence
- Contribute to corporate information risk management strategy, policies, standards, and tactical plans
- Contributes to a comprehensive internal security audit program that validates existing security controls
- Contribute to the company-wide security awareness program and compliance training
- Coordinate annual enterprise risk assessment and PCI-self assessment activities
- Ensure all systems, processes, and changes are formally documented
- Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance
- Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership
- Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders.
Skills/Requirements
Required Knowledge, Skills and Experience:
- Bachelor s degree in a technology or business-related field (BSc or BBA preferred)
- 8 years overall experience in Information Security, Risk Management, or IT audit
5 years of hands-on experience supporting one of more of the following programs:
- Risk Management
- Vendor Risk Management
- Security Audits and Compliance (especially SOC2)
- Vulnerability Management
- Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
- Working knowledge of business and risk assessment methodologies/ mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.)
- Very high attention to detail, with strong skills in managing/presenting data and information
- Very strong skills in documentation, including policies, standards, processes and procedures
- Ability to work independently and productively without constant supervision
- Critical thinking and analytical ability
- Excellent verbal and written communication skills
Preferred Knowledge, Skills and Experience:
- Certification such as SANS GIAC, CISA, or CISSP preferred
- Previous experience in a software development company is preferred
- Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)
Job tags
Salary
