Job Title: Senior Associate - Information Security Risk Assessment
Roles and Responsibilities:
- Conduct comprehensive risk assessments on cloud, SaaS, application, and on-premises infrastructure to identify vulnerabilities and potential threats to our information systems and data.
- Collaborate with cross-functional teams to analyze security measures and propose effective risk mitigation strategies.
- Develop and maintain risk assessment methodologies, frameworks, and documentation to ensure consistent and accurate evaluations.
- Stay updated on industry best practices, emerging threats, and regulatory compliance requirements to continuously enhance the organization's security posture.
- Lead the planning, execution, and reporting of security assessments on various IT systems, applications, and network infrastructure.
- Provide guidance and mentorship to junior team members, sharing your knowledge and expertise in risk assessment methodologies and information security practices.
- Collaborate with internal and external stakeholders to communicate risk assessment findings, recommendations, and remediation plans.
- Participate in the design and implementation of security controls, policies, and procedures to prevent and mitigate security risks.
- Assist in incident response and investigation efforts, as needed, to address security incidents and breaches.
- Participate in third-party vendor risk assessments to ensure compliance with security standards and contractual agreements.
Key Skills and Qualifications:
- Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree is a plus.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Proven experience (5+ years) in information security risk assessment, preferably in a complex and dynamic organizational environment.
- In-depth understanding of risk assessment methodologies, frameworks, and industry standards.
- Strong knowledge of IT security technologies, protocols, and practices.
- Proficiency in conducting security assessments, vulnerability assessments, and penetration testing.
- Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks effectively.
- Strong communication skills to convey complex technical information to both technical and non-technical stakeholders.
- Experience with security tools such as vulnerability scanners, SIEM, and penetration testing tools.
- Knowledge of regulatory requirements such as GDPR, or industry-specific regulations and standards like ISO 27001.
- A proactive approach to staying updated with the latest cybersecurity threats and trends.
- Ability to work both independently and collaboratively within a team.