The Senior Cybersecurity Analyst will manage IT risks using formalized IT Risk Management framework. The Senior Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The Senior Analyst will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation.
Key Responsibilities:
• Perform cybersecurity and compliance risk assessments on new and existing systems, processes, technology.
• Update policies, procedures and standards, in accordance to relevant regulations/laws and Industry Best Practices, and perform risk assessment on exceptions against policies, procedures and standards.
• Support vendor due-diligence process and help to lead and define overall vendor risk management efforts.
• Work with various business units to ensure controls are adequate, appropriate, and effective.
• Support internal and external audit process for relevant compliance concerns including IT General, Application and Process Controls.
• Participate in disaster recovery and business continuity planning, and periodic cyber drill.
• Perform business impact analysis and assist with development of IT/InfoSec risk register.
• Interface with Global IT and business partners to provide guidance and support.
• Perform periodic gap assessments to validate compliance on an ongoing basis.
• Plan and rollout security awareness program targeting at different groups of users including end users, senior management and vendors.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
• Ready to take on addition responsibilities and roles such as cybersecurity project implementation, Security Operation, Purple Team and etc.
The ideal candidate will have:
• Security certifications such as CIPP, CISA, CISM, CSIR or ISO27001 Lead Auditor
• Experience in Implementing security controls, risk assessment framework, and program that align to regulatory requirements
• At least 5 years of IT and operation experiences, and cybersecurity experiences such as GRC, IT Audit and IT Security Consultancy.
• Bachelor's degree relevant to Information Technology, Computer Science/Engineering (or equivalent)
• Experience on various technologies such as Microsoft, Azure and SAP
• Deep domain knowledge, ideally with experience with global exposure and strong understanding knowledge of cloud computing.
• Cloud solution provider certification such as Azure will be a bonus.
Technical Skills & Knowledge:
• Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
• Knowledge on industry standards such as ISO27001, COBIT, NIST, CIS, CSA, OSWAP, GDPR and etc.
• Performs and investigates internal and external cybersecurity risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
x
