JOB DESCRIPTION POSITION SUMMARY
The ambition of the security organization is to evolve to a business partner role, delivering value to the business while reducing and managing their risk. This by following a risk-based strategy and security improvement program with common objectives and controls.
The Security Analyst is key to ensure that security, safety and operational resilience within the entities are relevant, cost-effective and delivered in accordance with the Group Information Security Strategy. The role holder is part of a community of security analysts who are operating globally, providing security services to different entities. Mission of the Global Security Center is to extend delivery and oversight capacity of local teams, which might involve occasional short-term missions on-site. KEY RESPONSIBILITIES
• Collaborate with and support the Group Security Practice. Interactions with the company's Partners Global Security Center, Regional Security Officer, Country Security Managers and other stakeholders as necessary to ensure presence, quality and effectiveness of processes & controls .
• Serve as an expert advisor to the local entities in the implementation and maintenance of security, safety and operational resilience processes and controls.
• Ensure policies, shared security services and action plans are implemented based on the Group Security Strategy
• Identify and analyze risk, recommend appropriate mitigation options.
•Assess the impact on the business environment and align appropriate mitigation actions or the prioritization of projects and investments within the entity.
• Escalate the need to redirect investment or change practices to mitigate critical risks and ensure legal, regulatory or commercial compliance
• Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of information security services
• Monitor and maintain system confidentiality, integrity and availability and manage security incidents.
• Promote a culture of information security and raise awareness
• Oversee the execution of information security projects in collaboration with the central Governance, Risk and Compliance team.
• Ensure development and maintenance of auditable processes to enforce consistency across the region
• Identify and implement coordinated responses to information security audit and compliance
issues SKILLS AND EXPERIENCE
- CISA, CRISC, CISM, SANS/GIAC or CISSP certifications preferred.
- Strong background in IT Infrastructure security, web-application security and Security architecture with more than 7 years of experience
- Strong knowledge of risks management and risk mitigation strategies.
- Experience in Third Party Security Assessment, Application Security Reviews, Vulnerability Management, Identity and Access Management, Data Leakage Protection, Security Hardening, IT Service Continuity Management (BCP / DR) and Crisis Management
- Knowledge of laws, regulations and standards that govern information security practices and frameworks such as ISO, NIST etc.
- Fluent in English (additional language could be an asset)
- Excellent problem-solving skills.
- Ability to plan and execute on project plans.
- Ability to deliver work / tasks with minimum supervision and effectively operate in a dynamic global organization.
- Demonstrated ability to handle multiple tasks with shifting deadlines and priorities under limited supervision.
- Demonstrated ability to interact effectively, internally and externally with all levels across the company including executive management (ability to translate IT and IS risk into business risk)
- Strong interpersonal, oral, and written communication skills.
- Bachelor's or Master's degree in computer science, management information systems, information security or related field is preferred.