Job Description:
The Third-Party IT Risk Analyst develops, implements, maintains and administers a comprehensive security risk management program for evaluating the risk of third-party suppliers based on the services provided and the underlying controls that are in place. They perform assessments of third parties to ensure that the appropriate security policies, procedures, and controls are in place. Based on the assessments performed, the Analyst defines the risk associated with the third party and continually re-evaluates that risk as changes are implemented. The Analyst will work with relationship managers to address findings and gaps to reduce risk to the organization.
Information Security Analyst Responsibilities:
• Conduct periodic audits/assessments of potential and existing suppliers through questionnaires, site visits, and review of other documentation, including assessment reports (e.g. SOC 2), to identify control gaps and risks.
• Perform periodic site visits of suppliers.
• Negotiate supplier security contract language with suppliers. This includes commenting on parent contract language regarding backup and recovery, audit rights, business continuity, disaster recovery, termination, offshoring and outsourcing, and other information security concerns.
• Work with and assist vendor relationship managers and business partners to address and respond to risks in compliance with organizational risk policies and procedures.
• Provide recommendations to address control deficiencies and improve the security posture of the supplier providing services to the organization.
• Maintain, track, and report on third-party risks to the appropriate stakeholders.
• Effectively utilize a Governance, Risk, and Compliance system to track risks associated with third parties.
Information Security Analyst Requirements:
• Bachelor's degree in computer science or related field, or relevant work experience
• CISSP, CISA, CISP, or CRISC certification required
• 5 years’ experience in Third-Party Risk Management or IT Controls Testing
• Experience in information security or related field
• Experience utilizing a Governance, Risk, and Compliance platform
• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences
• Strong critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles, including vendors and IT-business personnel
We are an end-to-end IT solutions provider with over a decade of experience in Business Consulting, IT Integration, Project Management and Staff Augmentation.
We take pride in our philosophy of “Organic Growth”. We are a fast-growing software consulting company offering software development solutions to all our clients through offshore and onsite services.
Our strength lies in leveraging innovation and a global onsite-offshore delivery model to provide the best return on investment (ROI) for our clients. With an established offshore service centre, we are able to provide our customers with cost-effective and customized solutions.