Grc Analyst

Job Description

Security Policy, Risk and Privacy Analyst Responsibilities: Contributes to the development of policies, standards and guidelines related to personal data regulations and information security. Ensures controls are implemented inline with the approved security policies. Maintain an inventory of all information assets affecting personal data. Identifies security and privacy risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business. Coordinates and works with the IT teams to communicate and mitigate security risks. Adopts governance framework to manage process, technical risks, and compliance of implemented security controls. Ensures key security controls are verified for compliance and deviations communicated and coordinated to closure. Conducts regular technical compliance assessments to verify the effectiveness of implemented security controls. Should manage governance and compliance related projects. Should coordinate with the relevant IT teams and the audit team to manage regular local audits. Requirements: Have worked at least 5 years experience in the information security domain. Should have knowledge of Information security standards (ISO 27001, NIST) and personal data regulations and standards (GDPR, ISO 27018 etc.) Have experience on drafting policies and procedures. Should have knowledge on security solutions. Should have worked on implementing personal data regulations and managing the same. Ability to create and analyze metrics to identify trends, gaps and issues. Have experience on managing end to end security audits. Have an experience on the information security risk management cycle. Understanding of project management and part of a project implementations Should have skills of managing implementation projects on governance and personal data regulations. Good communication skills, problem-solving skills and team player. Preferred Certifications ISO 27001 Lead Auditor/ CISA Certification on Management of Personal data (ISO 27018/GDPR certification/CDPSE/ Product related certification)