Description
We are looking to hire an Information Security Analyst who will be responsible for establishing and maintaining the organization information security management system to ensure that information assets are adequately protected. You will be required to identify, evaluate and report on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
Responsibilities
Implement, maintain, and continuously improve the effectiveness ISMS within the local reporting unit.
Support service delivery in local reporting unit in preparation for client assessments or industry specific certification and compliance audits as ISO27001, PCI DSS, SSAE, etc.
Performs business impact and risk impact analysis and operational security risk assessments
Ensure compliance and effectiveness of controls by conducting periodic compliance assessments and internal audits.
Facilitate the development of corrective action and remediation plans for the identified gaps, issues, risks or vulnerabilities. Ensure that all committed resolutions to audit findings, risks and security incidents are monitored, reviewed, resolved and reported on timely manner.
Develop consultative relationships with different departments to educate them on Majorel’s risk management framework, exception process and promote adherence to company policies, contractual and regulatory requirements.
Engage proactively in business transitions, local projects and/or initiatives in order to identify potential compliance and security risks.
Support the local implementation of global and regional security education, training and awareness programs.
Work cross-functionally and represent the Information Security Organization in discussions with different stakeholders and extend assistance to educate relevant users on how to comply to the different information security and data protection policies of the company
Facilitate the investigation of a potential or actual security breaches, assist in the development and implementation of corrective action plans, research root cause and document the entire investigation process according to policy/procedure.
Conducts security incident response training and exercise within the local unit and designated client accounts.
Support the implement of business continuity processes within the local scope and assist in testing activities.
Assist with integrating information security policy, standards, contractual and regulatory compliance requirements into the organization processes.
Prepare proposals in cooperation with Sr. ISO to improve the security posture of the local reporting unit and brings them to the attention of the management during regular reporting cycle or whenever necessary;
Liaise with other Majorel functions, including Key and Technical Account Management, Audit, Risk and Compliance, Data Privacy Office, BCM, Security Operations Center, Project Management Office to ensure the risk management process is efficient and effective.
Fulfill other tasks related to the position as required
Requirements
Minimum 4 years of progressive professional experience in Information Security compliance, data protection, security audit and risk management preferably in the BPO industry
Bachelor’s degree in Information Technology, Computer Science, Administration Management or equivalent
Familiar with different regulations and standards related to information security and data protection (e.g. ISO27001, PCI DSS, SSAE, COBIT, etc.)
Preferably a certified information security professional, relevant certifications are CISM (Certified Information Security Manager), CRISC (Certified Risk and Information System Control), CISA (Certified Information System Auditor), ISO/IEC 27001 Information Security Officer or ISO/IEC 27001 Lead Auditor and CISSP (Certified Information Systems Security Professional)
Personal Attributes
Proactive, confident and motivated.
Strong bias for action, a keen sense of urgency and ability to drive results.
Logical Thinking
Apply via :
