Senior Security Analyst (Governance, Risk & Compliance - GRC)
There is now an exciting opportunity for an experienced individual to join our new team as Senior Security Analyst, handling the Governance, Risk & Compliance (GRC) portfolio.
Lead and propose enhancements to proactive security operation measures such as vulnerability scanning and penetration testing and generate reports highlighting findings.
Establish, maintain and enforce policy, guidelines and baselines related to security for the users and administration of IT systems.
Review existing and proposed system configurations and designs to ensure compliance with security controls and baselines.
Lead IT system risk assessments for complex IT systems and scenarios and evaluate proposed system changes.
Design, implement, operate and maintain security tools and solutions such as network security appliances, endpoint protection and perimeter protection tools.
Monitor IT systems for security threats and plan response and remediation actions.
Develop, review, update, maintain and communicate IT and cybersecurity governance documents.
Participate in cybersecurity audits and assessments.
Track and follow up with the IT and IT Security teams on various audit findings/observations.
Develop, deliver and update the information security awareness program.
Conduct monthly phishing exercises.
Collect KPIs and provide status updates to Management.
Conduct internal audits and assessments whenever required.
Build good relationships with auditors and all stakeholders.
Perform other miscellaneous duties as directed by the Manager.
Bachelor's degree in or Associate degree with 3 additional years of experience in the IT field.
12 years’ experience in IT.
CISM or equivalent professional certification is preferred.
Well-versed in various IT & cyber security policies such as IT Security policy, Identity and Access Management policy, Change Management policy, Vulnerability Management policy, Remote Access policy, Risk Management policy, Business Continuity Plan & Disaster Recovery policy, Incident Response policy, Data Classification policy, Asset Management policy, Data Protection policy etc.
Well-versed in Risk Assessment, Third Party Security and NIST standards.
Proficient in written and oral English.
How to apply
If you believe you meet the requirements for this role, please contact us with your CV stating your experience as well as current & expected salary.