Security Analyst; In-Persons

Son Soft Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. Son Soft Inc is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services.

• Implement the overall risk management framework and processes, tools, and reporting methodologies on a continuous cycle.
• Develop and standardize processes and procedures for ongoing risk identification, tracking, monitoring, and evaluating security measures and remediation efforts; communicate security control deficiencies and recommend mitigation plans, report status progress and with non-compliance issues; measure adherence to the security controls from a policy, governance and risk standpoint.
• Perform third party supplier risk assessments by reviewing contracts for compliance with security policies, standards and practices; document security gaps and recommend appropriate remediation actions as necessary to minimize risks to the business.
• Assist with documenting security policies, standards, and guidelines based on the organization's requirements, maturity level, and compliance objectives.
• Facilitate awareness communications to various audiences, coordinate, and maintain project schedules, plans, and scope using standard project management methodologies.

Daily Task Performed:

-

• Planning, designing and implementing an overall risk management process for the organization;
• Risk identification, analysis, tracking, monitoring, documenting exceptions, and communicating risks to owners
• risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business;
• risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization's previous handling of risks;
• establishing and quantifying the organization's 'risk appetite', i.e. the level of risk they are prepared to accept;
• risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks;
• corporate governance involving external risk reporting to stakeholders;
• carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong;
• conducting audits of policy and compliance to standards, including liaison with internal and external auditors;
• providing support, education, and training to staff to build risk awareness within the organization
• maintaining current documentation of all related activities for GRC Unit

Musts

• Bachelor degree in Information Systems or equivalent work experience of a minimum of 3-5 years as an information security risk management practitioner, preferably in the financial, consulting, and/or global organizations
• Prior work experience of risk management disciplines, security policies and standards, technology risk assessment, and third party supplier risk process and requirements
• Current or previous experience with risk assessment methodologies and conducting risk analysis in a regulated environment or related IT audit background
• Knowledge of security and control frameworks, such as ISO 27002, NIST, CobiT, COSO and ITIL
• Experience with implementation of information security best practices for key areas such as access control, data protection, systems development life cycle, PCI DSS, and cloud services
• Professional certification in risk management, and/or audit is preferred (e.g., CISSP, CRISC, CISA, or CISM)

Business

Experience:

-

• Proven ability to work with and across all levels of the organizations and navigate organizational boundaries
• Excellent organizational, interpersonal and communication skills with strong written, oral, and presentation skills; both delivery and creation of power points (must be able to distil complex topics…