Senior Cybersecurity Risk Analyst | Mumbai or Pune
Position Summary:
The Senior Cybersecurity Risk Analyst is an important role in supporting the overall vision of the Cybersecurity & Assurance Program at Cornerstone OnDemand (CSOD). This position is part of the global Cybersecurity Engineering and Assurance team and reports to the Senior Director, Cybersecurity & Assurance.
This role will be responsible for managing the global Cyber Risk Management Program and Vendor Risk Management Program. Furthermore, the role drives the global Information Security Management System.
Key Responsibilities:
Responsible for the global Cyber risk management program and leads the identification, communication, and management of company-wide risk.
Responsible for operational management of the global Information Security Management System (ISO27001)
Responsible for the vendor and third party risk management program
Supporting the AI Management System (ISO 42001) from a risk management perspective
Execute the global business impact assessments and risk assessment program
Work closely with the global Cybersecurity and Assurance Team to implement security standards across the organization
Interface and partner with cross-functional leaders from Engineering, Cloud Operations, IT and other functions to develop mitigation plans and design effective controls to improve security compliance and manage risk
Identify business, cybersecurity and technology risks, evaluate internal controls to treat risks, and develop opportunities to continuously improve internal controls
Work with control owners to ensure control objectives and activities meet compliance standards for effectiveness and evidence, and to ensure operational efficiencies
Work with Cornerstone's external audit partners and cross functional teams to schedule appropriate internal audit testing and/or risk assessments
Recommend updates to security policies, standards and procedures to address new industry practices, requirements and standards based on security and compliance requirements
Skills and Experience:
Degree in Information Technology, Computer Science, or related fields
5+ years of risk identification, assessment and management experience
3-4 years in project and process management and improvement
3-4 years of experience in a multi-country/global Information Technology organization (preferably SaaS)
Working experience with GRC platforms
Experience in third-party risk management processes
Experience managing project portfolios and programs
Experienced in metrics, maintaining dashboards and executive reporting
Multi-year working experience managing ISMS (ISO 27001) and preferably AIMS (ISO 42001)
Adequate knowledge of latest security tools, technologies and control best practices for I&AM, encryption, system hardening, anti-malware, data leakage prevention, IDS/IPS, network architecture security, vulnerability management, etc.
Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
Excellent data analysis, documentation and articulation skills
Excellent communication, presentation and collaboration skills
Education:
Certifications as CRISC and/or CRMP desired