15h Left: GRC Analyst

Job Description

Role & responsibilities

- Act as the first line of analysis (L1) to validate that a proposed cybersecurity risk meets criteria for tracking, treatment, and monitoring.
- Identify and appropriately elevate proposed cybersecurity risks that required more detailed and/or tailored analyses by Level 2 cybersecurity technical subject matter experts (L2).
- Recommend and implement appropriate measures to treat risks that reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Identify and report on new and emerging security risks and risk trends, including participating in risk-treatment discussions and updates to compliance policy and standards.
- Fully understand business requirements and work with cybersecurity business area representatives to define appropriate solutions that satisfy security objectives while meeting business needs.
- Perform first level analysis of app sec controls using the reports from cyber security tools like Wiz , Qualys, Seemplicity, Axonious etc , splunk (coverage perspective); BurpSuite, etc.
- Participate in reviewing application with security architecture and engineering team
- Participate in defining Cyber Security KPIs from GRC perspective like cloud security index , app security index , database security index , TPRM Index
- Participate in the review of changes in processes, standards, and technology to ensure the effectiveness of security controls to meet compliance requirements.
- Support continuous improvements in cybersecurity risk management.

How You Will Succeed:

- Efficiently and effectively triage proposed cybersecurity risks.
- Collaborate with cybersecurity subject matter experts to develop patterns for risk analysis and risk treatments.
- Provide insights to support ongoing monitoring and visibility of cybersecurity risks to relevant stakeholders.
- Proactively identify process improvements to ensure ongoing and robust communication of cybersecurity risk.

What You Should Bring:

- Prior cybersecurity, quality, risk management, and/or audit experience.
- Knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, HIPAA, etc.).
- Ability to effectively communicate with technical and non-technical resources.
- Ability to work with minimal guidance and to recognize when guidance is needed.
- Ability to identify opportunities to incorporate automation into existing processes for enhanced efficiency.
- Expertise in analyzing vendor-submitted evidence to uncover potential issues or discrepancies.
- Relevant certifications such as CISSP, CISM, or GIAC are a plus.

Your Basic Qualifications:

- Bachelors degree in computer science, management information systems, business administration, information security/assurance, or an equivalent field of study.
- 3-4 years of experience in information security, with a focus on assessment or compliance.
- Working experience/focus on Risk Assessments & Compliance
- Proven track record of managing and monitoring cyber risks.
- Experience working in a global, multi-cultural environment, with the ability to effectively collaborate with teams across different regions and time zones.
- Excellent communication skills, with the ability to convey technical concepts to non-technical stakeholders.
- Good to haveAravo, Archer expertise OR other GRC tools (Risk Management tools)
- Good to have knowledge on security domains like vulnerability management , Identity access management , network security , cloud security, logging and monitoring

Role:System Analyst

Industry Type:Pharmaceutical & Life Sciences

Department:IT & Information Security

Employment Type:Full Time, Permanent

Role Category:IT Infrastructure Services

Education

UG:Any Graduate, B.Tech/B.E. in Any Specialization

---