Security Analyst (In-Persons Interview)

SonSoft Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. SonSoft Inc is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services.

• Implement the overall risk management framework and processes, tools, and reporting methodologies on a continuous cycle.
• Develop and standardize processes and procedures for ongoing risk identification, tracking, monitoring, and evaluating security measures and remediation efforts; communicate security control deficiencies and recommend mitigation plans, report status progress and with non-compliance issues; measure adherence to the security controls from a policy, governance and risk standpoint.
• Perform third party supplier risk assessments by reviewing contracts for compliance with security policies, standards and practices; document security gaps and recommend appropriate remediation actions as necessary to minimize risks to the business.
• Assist with documenting security policies, standards, and guidelines based on the organization's requirements, maturity level, and compliance objectives.
• Facilitate awareness communications to various audiences, coordinate, and maintain project schedules, plans, and scope using standard project management methodologies.

Daily Task Performed:-

• Planning, designing and implementing an overall risk management process for the organization; 
• Risk identification, analysis, tracking, monitoring, documenting exceptions, and communicating risks to owners
• risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business;
• risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization's previous handling of risks;
• establishing and quantifying the organization's 'risk appetite', i.e. the level of risk they are prepared to accept;
• risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks;
• corporate governance involving external risk reporting to stakeholders;
• carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong;
• conducting audits of policy and compliance to standards, including liaison with internal and external auditors;
• providing support, education, and training to staff to build risk awareness within the organization
• maintaining current documentation of all related activities for GRC Unit

Musts

• Bachelor degree in Information Systems or equivalent work experience of a minimum of 3-5 years as an information security risk management practitioner, preferably in the financial, consulting, and/or global organizations
• Prior work experience of risk management disciplines, security policies and standards, technology risk assessment, and third party supplier risk process and requirements
• Current or previous experience with risk assessment methodologies and conducting risk analysis in a regulated environment or related IT audit background
• Knowledge of security and control frameworks, such as ISO 27002, NIST, CobiT, COSO and ITIL
• Experience with implementation of information security best practices for key areas such as access control, data protection, systems development life cycle, PCI DSS, and cloud services
• Professional certification in risk management, and/or audit is preferred (e.g., CISSP, CRISC, CISA, or CISM)

Business Experience:-

• Proven ability to work with and across all levels of the organizations and navigate organizational boundaries
• Excellent organizational, interpersonal and communication skills with strong written, oral, and presentation skills; both delivery and creation of power points (must be able to distil complex topics into simple concepts)
• Ability to effectively communicate with technical and executive audiences and develop and maintain strong peer/client/customer relationships underpinned by a service oriented approach to work
• Adept at time management, tasks and projects prioritization, and multi-tasking
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
• High degree of initiative, attention to detail, follow-up skills, deliver on commitments, dependability, and ability to work with little supervision
• Demonstrated problem-solving skills and capability to drive process improvements
• Highly proficient with Microsoft Office Suite especially Excel and PowerPoint; and SharePoint administration.

Wants:-

Demonstrate broad competency and understanding in a variety of IT security areas:

• Security Policy Development and Management
• Assist with documenting security policies, standards, standard operating procedures and guidelines based on the organization's requirements, maturity level, and compliance objectives.
• · Risk Management
  
• Perform risk assessments, generate risk reports/updates, tracking progress of remediation efforts.
• Security Awareness
• Facilitate and distribute communications to various audiences to promote about GRC Unit's objectives and goals.
• Information security risk management, risk assessments, reporting, tracking and strong interpersonal and communication skills.

Connect with me at https://www.linkedin.com/in/mir-hasham-ali/ (For Direct Clients Requirements)

** U.S. Citizens and those who are authorized to work independently in the United States are encouraged to apply. We are unable to sponsor at this time.

Note:-

1. This is a Contract job opportunity for you.
2. Only US Citizen, Green Card Holder, GC-EAD, H4-EAD & L2-EAD can apply.
3. No OPT-EAD, H1B & TN candidates, please.
4. Please mention your Visa Status in your email or resume.

** All your information will be kept confidential according to EEO guidelines.