Grc Analyst

Role & responsibilities

Location: India - Bangalore Office - Hybrid

Budget: 30 LPA

Duties:

• Perform vendor risk assessments against all security domains
• Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at PANW
• Maintain and expand Customer Trust knowledge base
• Support PANW customer security assessment requests
• Support PANW customer audits

  Skills:

  Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.
• Great understanding of IT control frameworks (COBIT) and IT general controls
• Strong knowledge of information security concepts, risk and controls concepts
• Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc.
• Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.
• Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies.
• Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact
• Strong domain experience in security risk assessments
• Working knowledge of risk treatment and exception processes
• Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest
• Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool ) for automated evidence collection to support customer audits is a plus
• Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool ) for third party risk assessments is a plus
• One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer
• Open to learning and working on new domains and technology
• Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors
• Strong attention to detail and diligence

Education:

Bachelors Degree in Technology or Risk Management

CISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred

Preferred candidate profile

Bachelors Degree in Technology or Risk Management

CISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred

Certifications & Licenses:

CISA

CISM

CISSP

Cissp Certification

Proficiency in a wide spectrum of technical security controls encompassing logical access control.

Please share me updated cv along with same mail for further information please do contact me.

Thanks & Regards,

Anusha R

Ph No: 7989093547

Mail Me: anusha.r @rrootshell.com