Information Security Analyst III
Summary
The Information Security Analyst - GRC role involves performing comprehensive scoping, control assessments, and audit facilitation as part of the certification team. This person will work closely with cross-functional teams to assess risks and controls, work directly with Business Continuity, Disaster Recovery and Crisis Management, and assist with IT audit projects.
What you'll do
Ensure the security process is governed by organizational policies and practices that are consistently applied;
Require that data with similar criticality and sensitivity characteristics be protected consistently regardless of where in the organization it resides;
Enforce compliance with the security program in a balanced and consistent manner across the organization and ensure adherence to applicable regulations;
Routinely inform the Operations & Technology Committee & Management Risk Committee (MRC) of the overall status of the Institution’s Information Security Program to prevent cyber-attacks;
Coordinate Risk Assessment audits, PCI DSS, PCI PIN Security, ISO 27001, ISO 22301, penetration/vulnerability tests, and other related assessments;
Contribute to the definition of BC & DR strategy, policy, standards, plans, and direction;
Be the subject matter expert on business continuity, disaster recovery, and crisis management, supporting business stakeholders;
Structure, support, and coordinate regular business continuity and disaster recovery testing to assess the effectiveness of established plans and procedures;
Structure, support, and coordinate all aspects of design, implementation, planning, testing, and governance of Business Continuity, Disaster Recovery, Emergency, and Crisis Management Plans within the company's Business Continuity scope;
Ensure that the business, IT, and third-party teams involved are adequately trained in BC, DR, and Crisis requirements, policies, and standards and that the Business Continuity theme is disseminated throughout the company;
Structure and conduct Business Impact Analysis (BIA);
Create executive reports regarding strategies, test results, risks, and crises;
Build and update business continuity KPIs;
Minimum Qualifications
Experience with cybersecurity frameworks and audits such as ISO 27001, ISO 22301, PCI DSS, SOC 1 and SOC 2, and other regulatory requirements;
Experience with Business Continuity, Disaster Recovery and Crisis Management;
Desirable: experience with Disaster Recovery with AWS;
Core Benefits
Remote work
Flexible hours
Gympass
Meal & Food vouchers
Remote work financial support
Life Insurance
Medical and Dental Assistance
Employee child care benefit: daycare
Vidalink partnership
Day off (Birthday)
Support for studying languages
50% off AWS and GCP certifications
Technologies that we apply in our day
SAST
SCA
IaC Scans
