Senior Information Security Analyst

We are seeking a highly skilled and detail-oriented Analyst to support the development, documentation, and evaluation of internal processes, risks, and controls. This role will be instrumental in creating detailed process narratives, conducting risk assessments, reviewing control designs, testing operational effectiveness, and developing and maintaining Key Risk Indicators (KRIs). The ideal candidate will have a strong background in risk management, internal controls, and compliance frameworks, with a solid understanding of information security principles.

Key Responsibilities

• Process Documentation:
  • Assist in development and maintenance of detailed process narratives and flowcharts for key business processes.
  • Collaborate with process owners to ensure documentation accurately reflects current operations.
• Risk Assessment:
  • Assist in execution of comprehensive risk assessments to identify and evaluate operational, financial, compliance, and information security risks.
  • Facilitate risk workshops and interviews with stakeholders to gather insights.
• Control Design & Evaluation:
  • Review and assess the design of internal controls to ensure they effectively mitigate identified risks.
  • Recommend enhancements to control frameworks based on industry best practices and regulatory requirements.
• Operational Effectiveness Testing:
  • Design and execute test plans to evaluate the operational effectiveness of controls.
  • Document test results, identify control deficiencies, and support remediation efforts.
• KRI Reporting:
  • Facilitate collection and reporting of Key Risk Indicators aligned with business objectives and risk appetite.
  • Monitor KRI trends and produce regular reports for senior management and governance committees.

Required Qualifications

• Experience in risk management, internal audit, compliance, or related functions.
• Degree in computer science, engineering, IT or equivalent technical degree.
• Strong understanding of internal control frameworks (e.g., COSO, SOX).
• Demonstrated experience in information security risk assessment and control evaluation.
• Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001) and regulatory requirements.
• Experience with risk taxonomy frameworks and criticality mapping, including the ability to classify and prioritize risks based on impact, likelihood, and business relevance.
• Experience with process mapping tools and risk assessment methodologies.
• Proficiency in data analysis and reporting tools (e.g., Excel, Power BI, Tableau).
• Excellent written and verbal communication skills.
• Ability to work independently and manage multiple priorities in a fast-paced environment.

Preferred Qualifications

• Professional certifications such as CPA, CIA, CISA, CRMA, CISSP, or similar.
• Experience in regulated industries (e.g., financial services, healthcare, energy).
• Familiarity with GRC platforms (e.g., Archer, MetricStream, ServiceNow).
• Self-motivation and ability to work independently.
• Strong communication skills working with users across globe.

About Our Company
Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U.S. based financial planning company headquartered in Minneapolis with a global presence. The firm’s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You’ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP.

Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.