Information Security Analyst - Risk Assessment Team

Role Description:

Information Security Risk Analyst - TDI CSO

The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the banks people, infrastructure, processes, and information.

CSO Governance and Control conducts proactive Information Security (IS) controls assess ability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures.

The Information Security Analyst role holder is responsible for supporting the execution of the Information Security strategy. The Information Security Analyst provides data and analysis to measure the effectiveness of Information Security controls across group wide products and services. The Information Security Analyst identifies and evaluates potential areas of Information Security threats by assessing the probability and impact and facilitates feedback for mitigation.

Roles within Information Security may cover one or more areas of specialty, e.g. Identity & Access Management (which may include, for example, authentication; access management & control; recertification etc.); Information Security (IS) Operations (which may for example include, cyber threat operations; cyber forensics, protection against data leakage etc.) and IS Technology (which may include IS architecture, IS engineering, cryptographic services etc.)

What we'll offer you:

As part of our flexible scheme, here are some of the benefits that you will enjoy.

• Best in class leave policy.
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

• Review Risk Assessment (Application/Technical Risk profile) and Assurance spot checks for Compliance evaluation of IS controls (e.g., IS/Cloud/SOx/MAS/Client Access Management/other regulatory controls)
• Analysis and verification of compliance issues. Analyze and identify root causes.
• Collect and review evidence (e.g., from de-centrally managed applications)
• Communicates openly with internal stakeholders; keeps them informed of potential findings and escalate problems/delays accordingly.
• Acts as a competent partner to stakeholders in the closure process of findings and remediation activities.
• Provide and prepare data / reports for stakeholders and management communication.
• Conduct application risk assessments and support business stakeholders to determine the CIA ratings.
• Focus on utilizing the capacity in an efficient and effective manner.
• Proactively develop and maintain professional working relationships with the CSO function and stakeholders Represent the process and provide inputs / suggestion with any challenges faced to improve the quality.
• Improvement and documentation of operational tracking activities
• Raise Business Requirements to Central Solutions run by other CSO teams.

Your skills and experience

• Work experience in the Information Technology area / Information security area
• Practical experience in Governance or Compliance Monitoring beneficial.
• Knowledge about basic principles of Risk, Identity and Access Management beneficial
• Certifications in ISO 27001 or on information security (e.g., CISSP, CISA) would be beneficial.
• Effective communication and strong interpersonal skills in English (verbal and written). German language would be beneficial.
• Positive attitude and proactive behavior with diligence and precision
• Self-driven, eager to learn, well organized collaborator to integrate with heterogeneous teams.
• Structured way of thinking and working with good analytical and critical thinking skills
• Ability to monitor, track and clearly communicate progress, escalate issues when appropriate, not shunning to address issues to higher management levels.
• Experience in Excel (advanced), added advantage to languages such as Python/VB/SQL etc.,

How we'll support you:

• Training and development to help you excel in your career.
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression.
• A range of flexible benefits that you can tailor to suit your needs.