Job Description
The Technology Risk Analyst plays a crucial role in identifying, assessing, and mitigating technical risks within an organization. You will have an understanding of Enterprise Risk Management practices in a technical environment and be responsible for developing and implementing risk management strategies to safeguard technology assets, systems, and operations. Additionally, you will provide guidance on information security processes, controls, compliance, and information security risk management to key stakeholders. This role requires a combination of technical expertise, risk analysis skills, and the ability to collaborate with cross-functional teams to ensure the effective management of technical risks.

Your key responsibilities will include conducting comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects. You will need to stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape. Evaluating the potential impact and likelihood of identified risks, considering both internal and external factors, will also be a crucial part of your role. Working closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing will be necessary. You should also be able to articulate the business risks associated with technical vulnerabilities.

As a Technology Risk Analyst, you will be responsible for developing and implementing risk mitigation strategies and action plans to address identified technical risks. Collaboration with IT teams to prioritize and implement security measures, controls, and safeguards to mitigate potential threats will be essential. Establishing and maintaining an incident response plan to address technical incidents promptly and effectively will also fall under your purview.
You will need to coordinate with relevant stakeholders to investigate and resolve technical security incidents, ensuring lessons learned are incorporated into future risk management strategies. Ensuring that the organization complies with relevant regulatory requirements and industry standards related to technical risk management will be a key responsibility. You should stay informed about changes in regulations and standards, adjusting risk management processes accordingly. Facilitating the deployment and maintenance of a technology risk and controls model with assigned technology teams, using globally recognized, industry-standard frameworks (e.g., COBIT 5, OCTAVE, FAIR, NIST, ISO) as references, will also be important. Managing and providing leadership on all key information security processes and procedures will be part of your role.

Communication of technical risk information to both technical and non-technical stakeholders, including executives and board members, will be required, as will providing regular reports on the status of technical risks, mitigation efforts, and key performance indicators to demonstrate the effectiveness of risk management strategies. Directing the activities of project managers and project teams to ensure quality and timeliness of project completion, developing project business cases, charters, plans, and execution approaches, and demonstrating strong stakeholder engagement and management capabilities will also be part of your responsibilities.

You will be expected to develop and deliver training programs to enhance the awareness and understanding of technical risks among employees and to foster a culture of security awareness and responsibility throughout the organization. Evaluating and managing risks associated with third-party vendors and partners, ensuring they meet the organization's security standards, will also be a part of your role.
Additionally, you will be responsible for developing and implementing strategies to protect the company's systems and data, including firewalls, security software, data encryption tools, and safety protocols.

Qualifications:
- Total work experience of 6+ years, with a minimum of 3 years in a relevant field of work.
- Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, or a related field, with knowledge of system resiliency and availability, software development practices and frameworks, products and operations, access and identity management, application security, and assurance programs.
- Proven experience in technical risk management, information security, or a related role.
- Industry-relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), CPA, CIA, AWS, CIPP, CBCP, CRM, or equivalent are highly desirable.
- Strong understanding of technology, information security principles, and risk management frameworks.
- Excellent analytical, communication, and interpersonal skills.
- Ability to work collaboratively with cross-functional teams and stakeholders.
- Knowledge of widely used Enterprise Architecture frameworks such as TOGAF and SABSA.
- Project management certification (PRINCE2, PMP, Agile, or otherwise); an outcome-focused self-starter.
- Current knowledge of best-practice IT controls, risk management techniques, ISO 27001, SOC 1/2/3 (SSAE 18), CSA STAR (CCM), and PCI DSS, and familiarity with GRC tools.
- Hands-on product experience with the Qualys Enterprise TruRisk Platform and similar leading security automation products with broad market presence will be an added advantage.