Information Risk Management Analyst I
Work with the Business and IT Support teams to ensure all new applications and systems, or major changes to existing ones, are deployed in production with the required information security controls, as defined in the company's standards.
1. Experience within a combination of relevant technical disciplines in the field of Information Security and Information Risk Management – can include technical assessment, vendor assessment, network security (including platform, application etc.), vulnerability management, and information protection.
2. Understand the business requirements and respond accordingly from an information security standpoint.
Strong understanding of each phase of the SDLC and project delivery under Agile methodologies.
3. Working knowledge and experience in the following areas:
• Cloud computing security in IaaS, PaaS or SaaS environments.
• Big Data platforms and tools (Hadoop, HDFS, YARN, Hive, Spark, Sqoop, etc.)
• Data integration patterns involving ODBC/JDBC, APIs, and Web Services, with RDBMS and files as source systems.
• Risk assessments, security controls definition, control procedure appropriateness, security capabilities identification.
• Security frameworks (e.g. ISO 27001, COBIT), laws and standards (e.g. NIST, GDPR, Sarbanes-Oxley).
• Professional certification(s) (CISSP, CCSP, CRISC, CISM, GIAC)
• Project management designation.
• Ability to work independently and as part of a team, managing multiple priorities within tight deadlines.
• Good verbal and written communication, facilitation and interpersonal skills.
• Influence behavior to reduce risks and foster a strong information security risk management culture.