Sr. Analyst, Info Sec

Job Summary

Essential Job Functions

Audit coordination and evidence collection - Facilitate the collection of evidence for various audit and control activities such as PCIDSS, NIST CSF, GLBA 501-B, Sarbanes Oxley, etc. Review evidence for appropriateness and adequacy. Track and report on all evidence requests to ensure request deadlines are met. Coordinate and facilitate audit and/or control interviews as well as necessary follow up meetings between control owners and internal/external auditors. Publish meeting minutes and track action items to completion. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed.

Payment Card Industry (PCI) Annual Audit - Possess in-depth knowledge of the PCI-DSS. Test PCI controls and work with control owners to resolve control design or operating effectiveness issues ahead of and during annual Company PCI Audit. Partner with external Qualified Security Assessor (QSA) to reduce scope and control testing where possible. Use knowledge of General IT Computing Controls and Cyber Security Tools to create PCI Compensating Control Matrices when required.

Control Coaching, Consulting, and Collaboration - Partner with IT Control Owners to identify, resolve, mitigate, or compensate for control failures identified through risk assessments, internal/external audits, or cyber security tools and processes. Develop proactive risk and control assessment strategies to stay ahead of emerging risks and regulatory requirements. Collaborate with the IT Risk Second Line of Defense and Privacy Partners when formulating strategies to maximize coverage and work paper reuse.

General Information Technology - Foundational to intermediate knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling.

Metrics and Presentation Skills - Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Intermediate to expert English writing skills expected.

Human Relations - Ability to diffuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break down into laymen s terms or analogies that help with other s understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as creditable, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members.

Reports to: Manager, IT Security Admin/Lead

Working Conditions/ Physical Requirements: Normal office environment. As the need of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends.

Direct Reports: None

Work Shift Required : Normal Office

Work Timings: 11am to 8pm IST or 1pm to 10pm IST / Flexible to work in shifts as needed

Minimum Qualifications :

Bachelors Degree

Six or more years in Risk Management, Audit, Compliance, Information Technology

Preferred Experience :

Graduate or Post Graduate in Computer Science, Networking or Information Technology

Certifications: One or more relevant professional technical certifications (examples: CISSP, CISA, CISM, OR Security+)

Audit coordination and evidence collection - Facilitate the collection of evidence for various audit and control activities such as PCIDSS, NIST CSF, GLBA 501-B, Sarbanes Oxley, etc. Review evidence for appropriateness and adequacy. Track and report on all evidence requests to ensure request deadlines are met. Coordinate and facilitate audit and/or control interviews as well as necessary follow up meetings between control owners and internal/external auditors. Publish meeting minutes and track action items to completion. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed.

Payment Card Industry (PCI) Annual Audit - Possess in-depth knowledge of the PCI-DSS. Test PCI controls and work with control owners to resolve control design or operating effectiveness issues ahead of and during annual Company PCI Audit. Partner with external Qualified Security Assessor (QSA) to reduce scope and control testing where possible. Use knowledge of General IT Computing Controls and Cyber Security Tools to create PCI Compensating Control Matrices when required.

Control Coaching, Consulting, and Collaboration - Partner with IT Control Owners to identify, resolve, mitigate, or compensate for control failures identified through risk assessments, internal/external audits, or cyber security tools and processes. Develop proactive risk and control assessment strategies to stay ahead of emerging risks and regulatory requirements. Collaborate with the IT Risk Second Line of Defense and Privacy Partners when formulating strategies to maximize coverage and work paper reuse.

General Information Technology - Foundational to intermediate knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling.

Metrics and Presentation Skills - Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Intermediate to expert English writing skills expected.

Human Relations - Ability to diffuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break down into laymen s terms or analogies that help with other s understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as creditable, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members.

Reports to: Manager, IT Security Admin/Lead

Working Conditions/ Physical Requirements: Normal office environment. As the need of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends.

Direct Reports: None

Work Shift Required : Normal Office

Work Timings: 11am to 8pm IST or 1pm to 10pm IST / Flexible to work in shifts as needed

Minimum Qualifications :

Six or more years in Risk Management, Audit, Compliance, Information Technology

Preferred Experience :

Diploma or Graduate or Post Graduate in Computer Science, Networking or Information Technology

Certifications: One or more relevant professional technical certifications (examples: CISSP, CISA, CISM, OR Security+)

Other Duties

This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time.

Job Family:

Job Type: