Job Requirements & Required Qualifications & Experience

• In collaboration with the IT Security Analyst, assist with the performance of highly technical information security risk assessments on vendors, measuring security control effectiveness against UC policy, regulatory requirements such as HIPAA, and standard security control frameworks such as NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2. Specify, communicate, and track appropriate remediation plans and/or compensating controls.

• In collaboration with the IT Security Analyst, assist with the management of the information security risk assessment service and associated processes, including scoping, intake, review, approvals, and customer escalations. Manage outside contractors who support the risk assessment service. Oversee and assure continuous service improvement.

Qualification and Experience

• 5+ years direct experience with information security principles and operations

• 2+ years direct experience conducting information security risk assessments

• Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2

• Advanced understanding of HIPAA regulatory specifications and compliance requirements.

• Advanced understanding of standard risk assessment and risk management frameworks, including NIST 800-30, 800-37, and 800-39

• Intermediate understanding of IT security domains, including access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal regulations, investigations and compliance; operations security; and physical and environmental security

• Ability to advise IT system architects, technical project teams, and high-level business managers.

• Strong understanding of risk management concepts, metrics, and reporting methodologies

• Experience with governance, risk, and compliance (GRC) tools

• Understanding of business processes surrounding security and IT technical implementations

• Demonstrated ability to learn new technologies with minimal support and guidance

• Strong ethical foundation for business practices and promotion of workplace integrity

• Self-driven education to stay abreast of security developments and threats

• Team oriented; active participant in team and project meetings

• Diligent notification of management and co-workers of ongoing activities and possible security exposures

• Solutions-driven, vendor-neutral technology outlook

• Priority-driven time management for diverse projects across multiple customers and environments

• Independent thinker; must be able to prioritize work and plan future activities

• Detail-focused, adherent to procedures

• Strong communication skills, both written and oral, with ability to interact effectively at all levels of responsibility and authority

• Demonstrable aptitude for careers in IT security