Bengaluru
Full-Time
Mid-Level: 2 to 6 years
4L - 8L (Per Year)
Posted on Oct 24 2024

About the Job

Skills

Governance
Risk Assessment
Third Party Risk Management (TPRM)
Risk Management
Internal Audits
External Audit

As a Risk Analyst at Secure Logic, you will play a crucial role in evaluating and managing the security and compliance of our clients' risk posture. The primary role is to perform third-party or vendor risk assessments, controls testing, and risk and control self-assessments. You will work closely with internal teams and external vendors to assess, report, and mitigate risks, ensuring that data and information security standards are met.


In-depth understanding, knowledge and experience of frameworks such as CIS, NIST-CSF and ISO, together with compliance requirements pertaining to data privacy, such as GDPR, CCPA, etc., is a prerequisite.


Responsibilities


• Conduct internal controls and vendor information security risk assessments, testing and audits.

• Candidates must possess previous experience in conducting risk and control assessments.

• Validate the adequacy of controls, standards, policies, and procedures to protect Confidentiality, Integrity, and Availability and ensure compliance with regulatory requirements.

• Assess the level of inherent technology risks in the context of business objectives and risk appetite, establishing residual risk based on scores.

• Ability to read and decipher IT system and technical design documents to identify potential risks or design flaws that may manifest into risks.

• Classify vendors according to their access to systems, networks, and sensitive information, assessing risks for individual vendors based on their level of access and the sensitivity of the data they handle.

• Query vendors based on their responses, identify potential gaps or observations, and communicate findings to stakeholders in a structured format, including risk descriptions, root causes, business impacts, compensating controls, and suggested remediation plans.

• Prepare and update Standard Operating Procedures for the Vendor Risk assessment process.

• Organize and lead internal weekly action review calls to track the status of ongoing assessments.

• Maintain, track, and follow up on the status of assessments, publishing a weekly tracker to the client.

• Full training will be provided for this role.

• This position is client-facing, so a strong client presence and excellent communication skills are essential.

• Be highly organized and a self-starter, requiring minimal supervision.

• Be able to learn software intuitively and enhance processes to take advantage of automation.


Qualifications and Skillset


• Bachelor's degree in a relevant field or equivalent work experience.

• Previous experience in conducting risk assessments is a requirement.

• Knowledge and experience of risk management frameworks, such as CIS, NIST-CSF or ISO, is a must.

• Understanding of compliance requirements related to IT audit and data privacy, including GDPR and CCPA, is a prerequisite.

• Strong organizational and communication skills.

• Ability to work independently and collaboratively.

• Excellent client-facing skills and a professional demeanour.

• If you are a self-motivated individual with a passion for risk analysis and information security, and you want to join a dynamic team that is dedicated to ensuring the security of our clients' sensitive data, we encourage you to apply.


Certifications

ISMS LA, ISMS LI, CISM, CISP, CEH, ECSA, OSCP, SSCP, CCNA etc.


How to Apply


Interested candidates are invited to submit their resume and cover letter to annie.singh@securelogicgroup.co with the subject line "Risk Analyst Application - [Your Name]." In your cover letter, please clearly indicate your current CTC and your availability to start, which should be immediate or within a notice period of less than 15 days.

About the company

Secure Logic is a leading provider of innovative Cyber Security Services. Our professional services team has a great deal of expertise in enterprise security architecture and Governance, Risk and Compliance (GRC). We are an approved PCI DSS Qualified Security Assessor (QSA) company, providing services around the APAC region for more than a decade. Our aim is to be the most trusted Security partner ...

Industry

IT Services and IT Consul...

Company Size

2-10 Employees

Headquarters

Bangalore
