upGrad - Senior Associate - Information Security Risk Assessment

Job Title: Senior Associate - Information Security Risk Assessment

Roles and Responsibilities:

- Conduct comprehensive risk assessments on Cloud, SaaS, App & On-premise Infra to identify vulnerabilities and potential threats to our information systems and data.

- Collaborate with cross-functional teams to analyze security measures and propose effective risk mitigation strategies.

- Develop and maintain risk assessment methodologies, frameworks, and documentation to ensure consistent and accurate evaluations.

- Stay updated on industry best practices, emerging threats, and regulatory compliance requirements to continuously enhance the organization's security posture.

- Lead the planning, execution, and reporting of security assessments on various IT systems, applications, and network infrastructure.

- Provide guidance and mentorship to junior team members, sharing your knowledge and expertise in risk assessment methodologies and information security practices.

- Collaborate with internal and external stakeholders to communicate risk assessment findings, recommendations, and remediation plans.

- Participate in the design and implementation of security controls, policies, and procedures to prevent and mitigate security risks.

- Assist in incident response and investigation efforts, as needed, to address security incidents and breaches.

- Participate in third-party vendor risk assessments to ensure compliance with security standards and contractual agreements.

Key Skills and qualifications :

- Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree is a plus.

- Professional certifications such as CISSP, CISM, CRISC, or equivalent.

- Proven experience (5+ years) in information security risk assessment, preferably in a complex and dynamic organizational environment.

- In-depth understanding of risk assessment methodologies, frameworks, and industry standards.

- Strong knowledge of IT security technologies, protocols, and practices.

- Proficiency in conducting security assessments, vulnerability assessments, and penetration testing.

- Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks effectively.

- Strong communication skills to convey complex technical information to both technical and non-technical stakeholders.

- Experience with security tools such as vulnerability scanners, SIEM, and penetration testing tools.

- Knowledge of regulatory requirements such as GDPR, or industry-specific regulations & standards like ISO 27001

- A proactive approach to staying updated with the latest cybersecurity threats and trends.

- Ability to work both independently and collaboratively within a team.