Information Security Analyst (IT Risk)
InMobi
·
Posted:
August 25, 2023
·
Onsite
About the position
The job overview for this role is to own and improve the technology risk management practice, focusing on continuous improvement in the GRC function aligned to global standards. The responsibilities include developing cyber security policies, procedures, and standards, performing risk assessments of in-house products and third-party vendor applications, and evaluating emerging technologies for their security implications. This role is part of a lean and dynamic cyber security group that aims to set industry benchmarks in managing and guarding against digital risks in a "Cloud Native- DevOps Only" environment.
Responsibilities
Requirements
- Own the technology risk management practice and focus on continuous improvement in GRC function aligned to global standards like NIST CSF, ISO 27001, ISO 31000, Cloud Security Alliance, etc.
- Develop cyber security policies, procedures, and standards aligned to global standards.
- Perform risk assessments of in-house products and third-party vendor applications to identify security vulnerabilities.
- Evaluate emerging technologies for adoption to strengthen defenses.
- Conduct process-level walkthroughs, control testing, etc. to identify and assess IT risks and controls.
- Communicate key risks, findings, and recommendations for improvement with stakeholders.
- Maintain risk register and develop IT Risk Management metrics and reports.
- Improve compliance with security standards and policies across third parties used in the enterprise.
- Monitor and address third-party security issues and security control gaps.
- Conduct deep dives on IT security-related processes and systems.
- Execute information security awareness programs and conduct workshops to educate employees about information security and best practices.
Benefits
- Opportunity to contribute to creating disruptive and innovative consumer experiences using technology
- Autonomy and collaboration in the workplace
- Technical innovation and results-oriented thinking
- Fantastic opportunities for the right candidate
- Possibility of working in a "Cloud Native - DevOps Only" environment
- Strong understanding of security governance, compliance, and risk management principles
- Ability to work independently with little direction and/or supervision
- Superior communication skills and ability to interact effectively at multiple levels in the organization
- Analytical aptitude and data-driven decision-making skills
- Mindset to standardize and maximize automation in security and risk management space
- High business acumen and ability to understand business objectives and technology stack
- Curiosity to learn and adopt emerging technologies
- Agile practitioner
- Possibility of holding vendor neutral cyber security certifications (desirable)