Senior Risk Analyst

Job Description

Knowledge and experience 4-8 years of experience in information security with an emphasis on risk assessment and/or risk management End-to end implementation of ISO 27001 risk management framework Demonstrated ISO 27001 or other standard audit framework skillset in several information security domains - Mandatory Experience conducting successful information security risk assessments – Mandatory requirement Experience conducting successful third party information security risk assessments – Preferred Demonstrated understanding & functional knowledge of technical domains of risk assessments to include at a minimum: - Mandatory Network security Identity and Access Management (IAM) Asset security Operational security Cloud Security VM Experience with GRC tools (e.g. RSA Archer) –Preferred Certifications such as ISO 27001 LA, CISSP and/or CRISC are preferred Skillset Proficiency in Microsoft Office suite, including PowerPoint, Excel, Visio, Word Able to manage multiple projects simultaneously, with strong ability to prioritize multiple tasks and respond to emergencies, organize and schedule work effectively Bold, decisive manner but not overbearing; capability to interact with many new individuals in different contexts week-to-week Exceptional communication, collaboration, and advocacy skills, both verbal and written, with the ability to express complex and technical issues as understandable language to all levels of personnel within Sony, and with clients and other stakeholders Must work well with others in a globally and culturally diverse environment Excellent analytical and problem solving skills Required Skills: RISK ASSESSMENTS Third party Risk management ISO 27001 Risk Management Cloud Risk Analyst Roles and Responsibilities Analyst will be responsible for conducting end to end information security risk assessments to identify, rank, document and ensure treatment of risks in a timely manner Job Description Conduct risk assessments to identify, assess, rank, and monitor information security risks for Sony group third parties Conduct risk assessments to identify, assess, rank, and monitor information security risks to Sony group internal assets Ensure risk recommendations are made and have action plans documented in the enterprise risk management tool Have regular meetings with internal & external stakeholders to ensure risk recommendations are tracked, updated and eventually closed Keep Sony management updated on the status of risk assessments, treatment, and closure Advise and make recommendations regarding appropriate personnel, physical, and technical security controls required for mitigating identified security risks Act as an information security advisor to SIE business and technology groups