Information Security Risk Analyst

Objectives

help to raise a security culture and focus on driving advances to the security posture at best practices and standards, specifically to ISO27001, GDPR, and NIST.

Accountabilities

TASKS

• Support the identification, analysis, and governance of information security risks across the organization.
• Coordinate with stakeholders to align on a solution and oversee remediation of findings from self-assessments and/or third-party audit.
• Develop, enhance, and maintain Key Risk Indicator (KRI) framework and reporting.
• Conduct compliance Gap Assessment & Analyst.
• Works with third-Party auditors to facilitate assessments.

• Develop and implement security policies and procedures.
• Facilitating risk assessment exercises.
• Understanding information security risks and assessing mitigation strategies.
• Perform access reviews on Business application access, infrastructure application access or any other special access provided to the users.
• Gather information related to current information security vulnerabilities across the organisation by reviewing security/vulnerabilities assessments and penetration testing reports delivered by 3rd parties and reflect findings while identifying risks.

Position Relationship with Other Parties

Internal Relationship

Working Environment

The position follows the normal working environment of the organization.

• Indoor:
• Outdoor:

Competencies & Skills

• Strong knowledge of risk and controls.
• Strong knowledge in identifying and assessing Information Security risk and development of appropriate strategies to mitigate risk.
• Knowledge of ISO 27001, NIST, SWIFT, PCI DSS and other information security standards and regulations is preferred.
• Excellent team player.

Job Requirements

Education:

Graduate degree in Computer Science/ Engineering/ IT.

Experience:

2-4 years