Information Security and Compliance Senior Analyst İş İlanı

GENEL NİTELİKLER

We are looking for Information Security and Compliance Senior Analyst and strong team member to joinInformation Security Team within Information Technology Directorate.

Required:

Someone to operate at the GRC (general risk and compliance) level in an information security team, supporting developers, engineers and analysts. A technical understanding of network infrastructure and security applications and tools is required but this is not a highly technical role. Main duty will be to identify and assess information security risks and recommend appropriate mitigation in line with Regulatory and Company security risk requirements, and act as the security consultant for business and IT projects within the Company.

Responsibilities:

• Developing as required appropriate security policies, standards, processes and procedures.
• Prescribing required security processes and procedures within projects, to maintain system security and environments using 'secure by design' methodology.
• Working with agile developers and testers to ensure security best practices are built into the software development life cycle.
• Ensure security best practices are implemented in a consistent way across projects and driving the overall design.
• Working to identify, articulate and manage information security and risks and support on-going accreditation process.
• Scoping and organising penetration tests and managing remediation efforts across the IT organization.
• Performing information security reviews and audits as required within the company.
• You will be working in a professional environment where English is default written and generally spoken communication language

Qualifications:

• 6+ years of work experience in roles with responsibility for the delivery and management of Information Security, preferably as an information security or risk analyst.
• Must have good knowledge in reviewing security designs and implementing security controls.
• Must be able to articulate security issues and risk.
• Good understanding of and experience with globally respected cyber security norms and standards -i.e. NIST Cybersecurity Framework, OWASP, MITRE ATT&CK, CIS-
• Excellent analytic reasoning, self-learner, and self-starter skills
• Excellent oral and written communications skills in English.

Desirable, but not essential:

• Bachelor or Master's degree in business/Computer Science/Information Security or a related field.
• Relevant IT Security or Information Risk Management qualifications (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA),ISO 27001 Lead Auditor.