Security Analyst

Sonsoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. Sonsoft Inc. is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services.

• Bachelor's degree in Information Systems or equivalent work experience of a minimum of 3-5 years as an information security risk management practitioner, preferably in the financial, consulting, and/or global organizations.
• Prior work experience of risk management disciplines, security policies and standards, technology risk assessment, and third party supplier risk process and requirements.
• Current or previous experience with risk assessment methodologies and conducting risk analysis in a regulated environment or related IT audit background.
• Knowledge of security and control frameworks, such as ISO 27002, NIST, CobiT, COSO and ITIL.
• Experience with implementation of information security best practices for key areas such as access control, data protection, systems development life cycle, PCI DSS, and cloud services.
• Professional certification in risk management, and/or audit is preferred (e.g., CISSP, CRISC, CISA, or CISM).

• Demonstrate broad competency and understanding in a variety of IT security areas.
• Security Policy Development and Management.
• Assist with documenting security policies, standards, and guidelines.
• Based on the organization's requirements, maturity level, and compliance objectives.
• Facilitate, coordinate, and maintain project schedules, plans, and scope using standard project management methodologies.

• Proven ability to work with and across all levels of the organizations and navigate organizational boundaries.
• Excellent organizational, interpersonal and communication skills with strong written, oral, and presentation skills; both delivery and creation of power points (must be able to distill complex topics into simple concepts).
• Ability to effectively communicate with technical and executive audiences and develop and maintain strong peer/client/customer relationships underpinned by a service oriented approach to work.
• Adept with time management, tasks and projects prioritization, and multi-tasking.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
• High degree of initiative, attention to detail, follow-up skills, deliver on commitments, dependability and ability to work with little supervision.
• Demonstrated problem-solving skills and capability to drive process improvements.
• Proficient with Microsoft Office Suite especially Excel and Power point.

• Implement the overall risk management framework and processes, tools, and reporting methodologies on a continuous cycle.
• Develop and standardize processes and procedures for ongoing risk identification, tracking, monitoring, and evaluating security measures and remediation efforts; communicate security control deficiencies and recommend mitigation plans, report status progress and with non-compliance issues; measure adherence to the security controls from a policy, governance and risk standpoint.
• Perform third party supplier risk assessments by reviewing contracts for compliance with security policies, standards and practices; document security gaps and recommend appropriate remediation actions as necessary to minimize risks to the business.
• Assist with documenting security policies, standards, and guidelines based on the organization's requirements, maturity level, and compliance objectives.

• Planning, designing and implementing an overall risk management process for the organization.
• Risk identification, analysis, tracking, monitoring, documenting exceptions, and communicating risks to owners.
• Risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business.
• Risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization’s previous…