Information Security Analyst (IT Risk)
InMobi
·
Posted:
May 5, 2023
·
Remote
About the position
The job overview for this role is not clearly labeled, but it can be found in the first few paragraphs of the job description. The overview describes the company's mission and culture, and promises an opportunity to have an immediate impact on the company and its products. The role itself is focused on technology risk management and involves developing cyber security policies, performing risk assessments, and improving compliance with security standards. The ideal candidate will have 1-3 years of experience in cyber security and risk management, strong communication skills, and the ability to work independently. The company values autonomy, collaboration, technical innovation, and results-oriented thinking.
Responsibilities
- Own the technology risk management practise and concentrate efforts on continuous improvement in GRC function aligned to global standards like NIST CSF, ISO 27001, ISO 31000, Cloud Security Alliance, etc.
- Develop cyber security policies, procedures and standards and aligned to global standards.
- Perform risk assessments of the inhouse products of InMobi and third-party vendor applications to identify current and future security vulnerabilities.
- Evaluate emerging technologies for their adoption to strengthen InMobi’s defences.
- Performs process-level walkthroughs, control testing, etc. for the identification and assessment of IT risks and controls.
- Effectively communicate key risks, findings, and recommendations for improvement with key stakeholders.
- Maintains risk register and develops IT Risk Management metrics and reports.
- Improve compliance with security standards and policies across third parties used in the enterprise.
- Monitor open third-party security issues and remediation actions associated with security control gaps to ensure timely closure.
- Responsible for conducting deep dives on IT security-related processes and systems.
- Executes information security awareness programs by regularly conducting workshops to educate employees about information security and best practices.
Requirements
- 1-3 years of experience in cyber security & risk management domain.
- Strong understanding of security governance, compliance and risk management principles.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Ability to work independently with little direction and/or supervision.
- Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
- Keen attention to detail with the ability to correct on the fly and work independently.
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- Mindset to standardize & maximize automation in security & risk management space.
- High business acumen & ability to understand business objectives, technology stack and evolve security as a business enabler capability.
- Ability to operate, decide & evolve in ambiguous situations.
- Curiosity to learn & adopt emerging technologies.
- Agile practitioner.
- Holds vendor neutral cyber security certifications (desirable).