An Information Security Analyst is needed to perform the following duties:
∙ Development and maintenance of IT policies and control standards
∙ Development of IT risk and control training material
∙ Analyzing systems for management compliance against standards such as ISO 27001, ISO 22301, ISO 9001, PCI, SOC, HIPAA, FedRAMP and other frameworks
∙ Issue internal defects to auditors, organize
∙ Monitoring and following up on identified actions.
∙ Reviewing audit files against applicable requirements and identifying any deficiencies.
∙ Ensuring such deficiencies are communicated to auditors to avoid recurrence.
∙ Finalize certification approval
∙ Reports to management and suggests recommendations on quality concerns, trends, and costs.
∙ Communicate with Line of Business (LoB) and Application Development Team about the proposed timeline for conducting system reviews
∙ Understanding of AWS, Azure, and GCP platforms, network infrastructure, asset management, incident management, business continuity, disaster recovery, identity management, etc.
∙ Interpret quality requirements from customs and from internal requirements and implement Quality Control Plans
∙ Performing assessments of the information security controls through inspections of policies and evidence of security and cyber-resiliency controls to validate operational effectiveness and identify gaps
∙ Review, identify gaps and provide recommendations, including mitigation steps and configuration details to fix the gaps.
∙ Evaluate the adequacy of quality standards
∙ Routinely analyze quality data and other documentation, seeking to understand trends and capitalize on lessons learned and corrective actions taken
∙ Manage and present information to leadership to convey the organization’s status and standing regarding implementation of the QMS and compliance with standards
∙ Implement an internal audit program, assessing the organization against QMS, certification and regulatory standards
∙ Oversee corrective action plans of organizational elements to determine adequacy and completion of corrective actions
∙ Prepare reports to communicate outcomes of quality activities
∙ Identify training needs and organize training interventions to meet quality standards
∙ Coordinate and support on-site audits conducted by external providers
∙ Evaluate audit findings and implement appropriate corrective actions.
∙ Oversee implementation of corrective actions by other organizational elements
∙ Monitor risk management activities.
∙ Responsible for coordinating, developing, managing, and controlling workflow activities and deadlines; maintaining, organizing, and gathering information.
∙ Establishing information security management systems procedures and policies relevant to the operations of the organization and testing them
∙ Screening of vendors for risks to the security of the Company’s sensitive information.
∙ Implementing controls for projects to improve energy efficiency in the process
∙ Risk Management, Business Analytics, Information Security, IT Audit experience.
A Bachelor's degree is required in Computer Science, Computer Information Systems, or Information Technology.
==============================================