Job
Description
Information Security Risk Analyst - TDI CSO The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the banks people, infrastructure, processes, and information. CSO Governance and Control conducts proactive Information Security (IS) controls assess ability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures. The role holder would mainly be working on assessments and remediation across the globe to ensure that the Information Securityrequirements for various assets within the Bank are safeguarded and mitigated from any potential risks which can include - Reputational, Financial & Regulatory. Your key responsibilities: Display strong knowledge of Information Security as this is an SME role for reviewing Risk & Control Assessments as per IS policy and ISO 27001. Work with governance, risk, and compliance (GRC) tools such as ServiceNow, should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, PCI DSS, and GDPR and additional knowledge on Regulatory requirements/controls like MAS, CAM and PSDII to support stakeholder requirement. Display strong knowledge and understanding of Information security controls (ISO) and mitigation/remediation solutions. SME Knowledge on the BAU activities and have mentality to contribute for the daily BAU task as and when required. Take the responsibility/ownership to cover the portfolio end to end. Collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings. Ability to successfully manage third-party audits, compile evidence, and organize audit responses. Manage scope of deliverables and expectations and ensure clear and concise communication to onshore team members and other stakeholders. Provide process improvement inputs to various stakeholders. Build strong relationships with various stakeholders, including but not limited to: Portfolio Owners, Divisional ISOs, Business owners, Application & Technology owners, Risk Managers to complete Information Security Risk & Control Assessments and Remediation management. Design strategic programs and solutions to implement effective information security objectives throughout the organization. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Communicates openly with management and the internal stakeholders; keeps them informed of potential risk and escalate problems/delays accordingly to avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies. Represent the process in other forums, provide inputs for the monthly and quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality. Proactively develop and maintain professional consultative working relationships with the CSO function, stakeholders and respective support areas and will use a range of approaches to collect relevant information to assess key risks. Your skills and experience: Significant work experience in the Information Technology / Information Security area Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc. Clear understanding of the relationship between IS risk and how this applies to business processes. Professional / industry recognized certifications (e.g., CISA, CISM, CRISC etc.) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required. Strong understanding of service delivery and relationship management Project management, Agile methodology, analytical and practical problem-solving skills. Ability to monitor, track and clearly communicate progress, escalate issues when appropriate. Good understanding of data and skillset to produce effective reports using Excel, Macro, or other reporting tools. Experience with data visualization tools like Tableau, Power BI, etc., Proficiency in Data Analytics Skills in Python, added advantage to languages such as SQL for data manipulation and analysis. Ability to understand the latest cybersecurity threats, attack vectors, attack techniques and emerging trends through threat intelligence sources and communities. Experience in global teams across different time zones and within a matrix environment. Professional and strong verbal and written communication skills and the ability to communicate on all hierarchy levels. Self-driven, eager to learn and well-organized team player.
