Security Analyst

Sonsoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. Sonsoft Inc. is growing at a steady pace specializing in the fields of Software Development,  Software Consultancy and Information Technology Enabled Services.

MUSTS:-

• Bachelor's degree in Information Systems or equivalent work experience of a minimum of 3-5 years as an information security risk management practitioner, preferably in the financial, consulting, and/or global organizations.
• Prior work experience of risk management disciplines, security policies and standards, technology risk assessment, and third party supplier risk process and requirements.
• Current or previous experience with risk assessment methodologies and conducting risk analysis in a regulated environment or related IT audit background.
• Knowledge of security and control frameworks, such as ISO 27002, NIST, CobiT, COSO and ITIL.
• Experience with implementation of information security best practices for key areas such as access control, data protection, systems development life cycle, PCI DSS, and cloud services.
• Professional certification in risk management, and/or audit is preferred (e.g., CISSP, CRISC, CISA, or CISM).

WANTS:-

• Demonstrate broad competency and understanding in a variety of IT security areas.
• Security Policy Development and Management.
• Assist with documenting security policies, standards, and guidelines.
• based on the organization's requirements, maturity level, and compliance objectives.
• Facilitate, coordinate, and maintain project schedules, plans, and scope using standard project management methodologies.

BUSINESS EXPERIENCE:-

• Proven ability to work with and across all levels of the organizations and navigate organizational boundaries.
• Excellent organizational, interpersonal and communication skills with strong written, oral, and presentation skills; both delivery and creation of power points (must be able to distill complex topics into simple concepts).
• Ability to effectively communicate with technical and executive audiences and develop and maintain strong peer/client/customer relationships underpinned by a service oriented approach to work.
• Adept with time management, tasks and projects prioritization, and multi-tasking.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
• High degree of initiative, attention to detail, follow-up skills, deliver on commitments, dependability and ability to work with little supervision.
• Demonstrated problem-solving skills and capability to drive process improvements.
• Proficient with Microsoft Office Suite especially Excel and Power point.

DESCRIPTION:-

• Implement the overall risk management framework and processes, tools, and reporting methodologies on a continuous cycle.
• Develop and standardize processes and procedures for ongoing risk identification, tracking, monitoring, and evaluating security measures and remediation efforts; communicate security control deficiencies and recommend mitigation plans, report status progress and with non-compliance issues; measure adherence to the security controls from a policy, governance and risk standpoint.
• Perform third party supplier risk assessments by reviewing contracts for compliance with security policies, standards and practices; document security gaps and recommend appropriate remediation actions as necessary to minimize risks to the business.
• Assist with documenting security policies, standards, and guidelines based on the organization's requirements, maturity level, and compliance objectives.

• Planning, designing and implementing an overall risk management process for the organization.
• Risk identification, analysis, tracking, monitoring, documenting exceptions, and communicating risks to owners.
• Risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business.
• Risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization’s previous handling of risks.
• Establishing and quantifying the organization’s 'risk appetite', i.e. the level of risk they are prepared to accept.
• Risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks.
• Corporate governance involving external risk reporting to stakeholders.
• Carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong.
• Conducting audits of policy and compliance to standards, including liaison with internal and external auditors.
• Providing support, education and training to staff to build risk awareness within the organization.

** U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.

Note:-

1. This is a Contract job opportunity for you.
2. Only US Citizen, Green Card Holder, TN Visa, GC-EAD, H4-EAD & L2-EAD can apply.
3. No OPT-EAD & H1B Consultants please.
   
4. Please mention your Visa Status in your email or resume.