Position Title: Sr Security Analyst (GRC)
Location: Mohali
Position Type: Regular, Full-Time
About the Role -
The Senior Security Analyst (GRC) is responsible for supporting Governance, Risk, and Compliance (GRC) programs, including identifying and managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. This role will be critical in developing and implementing security-related policies and standards to reduce security risk while building and monitoring security controls based on the best practices of the company policies and security industry.
What you'll do:
- In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security Team.
- You are organized and have the ability to innovate and automate as we continually improve our processes and tools. You may own process areas, projects, or technologies for governance, risk, and compliance purposes.
- You create and maintain relationships with business and technical experts throughout the company who provide expertise in security requirements and solution management
- Ensure compliance with laws, regulations, industry standards, and compliance programs (e.g., SOC2, PCI, ISO 27001, NIST 800-X)
- Create processes to support effective risk identification, evaluation, communication, and remediation
- Participate in Risk Management Committee meetings.
- Work with risk owners to develop plans of action to reduce or mitigate risks
- Analyse security controls for the effectiveness of design by evaluation of control documentation and process
- Analyse security controls for operational effectiveness by evaluation of control evidence
- Contribute to corporate information risk management strategy, policies, standards, and tactical plans
- Operate and maintain vendor security risk management procedures to evaluate and document vendor and supply chain risks
- Contribute to a comprehensive internal security audit program that validates existing security controls
- Contribute to the company-wide security awareness program and compliance training
- Coordinate annual enterprise risk assessment and PCI assessment activities
- Work closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance
- Maintain the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership
Whom we're looking for:
- Bachelor's degree in a technology or business-related field (BSc or BBA preferred)
- 8 years overall experience in Information Security, Risk Management, or IT audit
- 5 years of hands-on experience supporting one or more of the following programs:
  - Risk Management
  - Vendor Risk Management
  - Security Audits and Compliance
  - Vulnerability Management
- Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
- Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.)
- Experience working with asset management systems and databases
- Demonstrable conceptual, analytical, and innovative problem-solving and evaluative skills
- Very high attention to detail, with strong skills in managing/presenting data and information
- Very strong skills in documentation, including policies, standards, processes, and procedures
- Ability to work independently and productively without constant supervision
- Critical thinking and analytical ability
- Excellent verbal and written communication skills
- Certification such as SANS GIAC, CISA, or CISSP preferred
- Previous experience in a software development company is preferred
- Experience using a GRC management platform (e.g. Archer, Zen GRC, etc.) preferred.
Why RoundGlass:
RoundGlass was built on the vision that well-being should be at the very center of our life journey. We are reimagining how the world experiences well-being and how companies (like our own) support the well-being of their people. We're a group of talented, socially conscious, gritty innovators using technology and human energy to create a vibrant wellness ecosystem. Together, we've built an amazing community and we are always looking for people who share our passion.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. RoundGlass will provide reasonable accommodation to individuals with disabilities who need assistance applying for a job. Please contact [Confidential Information] for more information.
We rely on legitimate interest as a legal basis for processing personal information under the GDPR for purposes of recruitment and applications for employment.