Senior Security Analyst - RISK

Role & responsibilities

Role : Senior Security Analyst - RISK

Company : Feuji Software Solutions Pvt Ltd.,

Mode of Hire : Permanent Position

Experience : 8 12 years

Work Location : Hyderabad

About Feuji

Feuji, established in 2014 and headquartered in Dallas, Texas, has rapidly emerged as a leading global technology services provider. With strategic locations including a Near Shore facility in San Jose, Costa Rica, and Offshore Delivery Centers in Hyderabad, Vizag, and Bangalore, we are well-positioned to cater to a diverse clientele. Our team of 400 talented engineers drives our success, delivering innovative solutions to our clients and contributing to our recognition as a 'Best Place to Work For.'

We collaborate with a wide range of clients, from startups to industry giants in sectors like Healthcare, Education, IT, and engineering, enabling transformative changes in their operations. Through partnerships with top technology providers such as AWS, Checkpoint, Gurukul, CoreStack, Splunk, and Micro Focus, we empower our clients' growth and innovation. With a clientele including Microsoft, HP, GSK, and DXC Technologies, we specialize in managed cloud services, cybersecurity, Product and Quality Engineering Services, and Data and Insights solutions, tailored to drive tangible business outcomes.

Our commitment to creating 'Happy Teams' underscores our values and dedication to positive impact. Feuji welcomes exceptional talent to join our team, offering a platform for growth, development, and a culture of innovation and excellence.

Location: Hyderabad

Overview

A highly skilled and experienced Lead Security Risk Analyst to join our team. In this role, you will be responsible for assessing and
managing the security risks associated with our organizations internal systems, cloud systems, third-party vendors and partners. You
will play a critical role in ensuring the security and integrity of our systems, data, and operations by conducting comprehensive risk
assessments and implementing effective risk mitigation strategies.

Key Responsibilities

• Conduct security risk assessments of identified issues and proposed system changes to evaluate their
  security controls, practices, and overall risk posture.
• Conduct thorough assessments of third-party vendors and partners to evaluate their security controls,
  practices, and overall risk posture.
• Identify and analyze potential security risks and vulnerabilities associated with third-party
  relationships, considering factors such as data confidentiality, integrity, availability, compliance, and
  business continuity.
• Collaborate with cross-functional teams, including Legal, Procurement, IT, and Compliance, to
  establish and enforce third-party risk management policies, procedures, and standards.
• Develop and maintain a comprehensive inventory of all third-party relationships, including risk
  profiles, assessment findings, and remediation plans.
• Perform ongoing monitoring and due diligence of third-party vendors to ensure their adherence to
  contractual obligations and security requirements.
• Stay abreast of emerging security threats, industry best practices, and regulatory requirements related
  to third-party risk management.
• Advise and provide guidance to business units on the selection and engagement of third-party
  vendors, ensuring adequate security controls are in place.
• Collaborate with internal stakeholders to implement and improve processes and tools for efficient
  third-party risk assessment and management.
• Conduct periodic reviews and audits of third-party vendors to evaluate their ongoing compliance with
  security requirements and contractual obligations.
• Prepare and present comprehensive reports and recommendations to senior management, highlighting
  key risks, vulnerabilities, and remediation strategies.

Education, Skills, Abilities, Experience

• Bachelor's degree in Computer Science, Information Security, Risk Management, or a related field.
  Training Requirements (licenses, programs, or certificates):
  • Relevant certifications such as CISSP, CISA, CRISC, or equivalent is highly desirable.

Experience:

• 8+ years of experience in performing security risk assessment, third-party risk management, vendor risk assessment, or information security risk analysis, preferably in a senior or leadership role.
• In-depth knowledge of security frameworks, standards, and regulations such as ISO 27001, NIST, GDPR, CCPA, etc.
• Strong understanding of information security principles, practices, and technologies, with a focus on third-party risk management.
• Demonstrated knowledge of relevant privacy and data protection regulations, as well as familiarity with industry standards for security and risk management.
• Experience in conducting risk assessments, vulnerability assessments, and penetration testing of third-party systems and networks.
• DocuSign Envelope ID: 2428CAFB-7AEF-45FE-ADF4-C2E929C3870EBAP Req approval for global hiring in Greenhouse
• Familiarity with security tools and technologies used for third-party risk management, such as GRC platforms, ProcessUnity, vulnerability scanners, and risk assessment tools.
• Experience with Vulnerability management, threat intelligence, fraud, physical security, cloud, application security/SDLC or emerging tech is a plus.
• Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively.

Other Knowledge, Skills and Abilities:

• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• An understanding of business needs and dedication to delivering high-quality, timely, and efficient
  service to the business.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts,
  effectively assessing the priority and time required to complete each part.
• An ability to work on several tasks simultaneously and pay attention to sources of information from
  inside and outside ones network within an organization.
• An ability to effectively collaborate across multiple teams and ensure program needs are satisfied
  through interpersonal and trusted communication.