security risk analyst

• Establishing information security risk management processes; identifying and managing information security risks.
• Responsible for end-to-end risk management.
• Create maintain risk and operational risk register to ensure that all identified risk factors are accounted for.
• Ensure all registered risk are treated on time, and treatment plan should be published to all stakeholders.
• Experience in Third party Risk assessment while maintaining the risk register for the program.
• Perform risk evaluations and communicate IT security gaps impact to business and program owners.
• Drive IT security and risk assessment on program products, services, technologies, applications, and Consultants.
• Demonstrated experience in performing audit/compliance and third-party Consultant assessments.
• Experience with internal project consulting to provide compliance and security requirements and guidance.
• Assist in the improvement of risk management and Cyber Security controls.
• Support the Third-Party Senior Manager with all third-party Consultant risk assessment activities and reporting tasks.

Required Professional Experience

• Relevant experience in IT infra & Application risk domain.
• Good understanding of the IT General and Security controls for Technology Infra.
• Exposure to Global IT and Security Risk models like ISO27001/ ISO27005/ ISO31000.
• Worked on documentation of IT Policies/ Procedures.
• Good written and communication skills.

Skills/Tools Experience

• Good to have any GRC tool experience (E.g., AllGress RSA Archer, MetricStream etc.)

Academic Qualifications & Certifications

• Bachelor’s degree in engineering (BTech/B. E), MTech, MSc in IT related field.
• Desirable but not mandatory ISO 27001/ 22301/ 31000.