Senior Analyst, IM Security


Source: TIMESJOBS.COM
Location: Bengaluru, KA
Date: 10-11-2016
Job Code: 58244268
Categories:
  • Miscellaneous
Applying for this job will take you to an external site

Job Details

Primary Responsibilities

Plans and manages the implementation of organization-wide processes and procedures, tools and techniques for the identification, assessment and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change. Protects and defends information and information systems by ensuring availability, integrity, authentication, confidentiality and non-repudiation. Provides consulting for restoration of information systems by ensuring that protection, detection and reaction capabilities are incorporated. Ensures that appropriate action is taken to investigate and resolve incidents and problems in systems and services. Ensures that such incidents and problems are fully documented within the relevant reporting systems. Coordinates the implementation of agreed remedies and preventative measures. Conducts risk assessments for business applications and computer installations; provides authoritative advice and guidance on security strategies to manage the identified risk. Investigates breaches of IT service disruptions and recommends appropriate control improvements. Interprets information risk policy and contributes to development of standards and guidelines. Maintains an in-depth knowledge of specific technical specialisms and provides expert advice regarding their application. Can supervise technical specialists.

Specific Tasks Include

Business Risk Management: Advises on risk management policies, and contributes to the creation and publication of strategies for managing risk to the continuing effective operation of the business. Plans and manages the implementation of organization-wide processes and procedures, tools and techniques, within a specific information risk area, for the identification, assessment, and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change. Identifies and categorizes strategic and operational risks. Advises on the evaluation of identified risks (including probability/frequency of occurrence, impact, and severity). Advises on appropriate action, including contingency planning, and countermeasures.

Information Assurance: Awareness of legal and best practices relating to availability, integrity, confidentiality, privacy, etc. Recommends appropriate and practical performance measures and tracks compliance. In the context of Business Continuity, assesses protection, detection, and reaction capabilities, to determine whether they are sufficient to support restoration of information systems in a secure manner.

Information Risk: Conducts assessments of threats to confidentiality, integrity, availability, accountability and relevant compliance. Participates in security control reviews, business risk assessments, and reviews that follow significant breaches of security controls or IT service disruptions. Contributes to the development and promotion of the technical specialism. Recommends quality standards and policies relating to the technical specialism. Maintains knowledge of the technical specialism at the detailed and comprehensive level. Keeps in close touch with and contributes to current developments in the technical specialism within Xerox.

Candidate Education

Minimum: Bachelor's Degree in Computer Science, Information Systems, or related field.

Professional Certifications

Minimum: Technical certifications as required, such as CISSP, SANS GSEC, CIPP, FBCP.

Candidate Background: Skills, Knowledge & Ability

At a minimum, the preferred candidate will have demonstrated the following:
  • Extensive experience in Information Technology and significant experience in Risk Management specialism.
  • Can absorb complex technical information and communicate effectively to both technical and non-technical audiences.
  • Is able to assess and evaluate risk and to understand the implications of new technologies.
  • Ability to describe and clearly articulate the risk assessment and business impact.
  • Has a broad understanding of information technology and deep understanding of area(s) of specialization.
  • Takes initiative to keep own skills up to date and to maintain awareness of developments in the information systems industry.
  • Has expertise in the technical specialism, the technology involved, current developments, the most commonly available products, and the application of the specialism within a technical or business environment.
  • Has a good overall knowledge of specific areas of information systems practice and applications.
  • Has a working understanding of the management processes within the IT function or department and practical knowledge of the principles of information management.
  • Understands information systems auditing practices, and acknowledges the need to maintain a practical and pragmatic approach to standards compliance.
  • Communicates well, both orally and in writing, and has the skill to influence through persuasion in a formal context.
  • Has a sound and wide business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity and stability.
  • Has a good working knowledge of the client organization's policies, management structure and business objectives, and of the existing Information Systems portfolio and IT infrastructure.
  • Can facilitate the analysis of business processes, and articulate potential changes to business processes in a lucid and cogent manner, both orally and in writing.

Additional Role Requirements

Information Security Domain: Broad knowledge of at least 7 out of the following 10 security domains, with deep technical expertise in at least one of the domain areas:
  • Access Control Systems and Methodology
  • Telecommunications and Network Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Security Management Practices
  • Security Architecture and Models
  • Law, Investigation, and Ethics
  • Application and Systems Development Security
  • Cryptography
  • Computer Operations Security
  • Physical Security
One or more of the following industry certifications required: CISSP, GSEC, CISA, GCIH, GCFA or other related certification. Knowledge of relevant industry standards awareness and governmental regulations.

Information Privacy Domain: Basic knowledge of the following Privacy domains, with some technical knowledge of the IT related domains:
  • U.S. and international privacy laws
  • Information management practices as it relates to privacy
  • Privacy implications of emerging technologies
  • HIPAA, GLBA, APEC principles
  • OECD guidelines
  • EU Directive and Safe Harbor
  • Employee records management
  • Workplace monitoring
  • Incident handling
  • PII
  • Web forms and cookie files
  • Spyware
  • Spam
Certifications desired: CIPP or other related certification. Knowledge of relevant industry standards.

Disaster Recovery Domain: Broad knowledge of at least 7 out of the following 10 Business Continuity domains, with deep technical expertise in at least three of the domain areas:
  • Project Initiation and Management
  • Risk Evaluation and Control
  • Business Impact Analysis
  • Developing Business Continuity Strategies
  • Emergency Response and Operations
  • Developing and Implementing Business Continuity Plans
  • Awareness and Training Programs
  • Exercising and Maintaining Business Continuity Plans
  • Public Relations and Crisis Coordination
  • Coordinating with External Agencies
One of the following industry certifications desired: CFCP, CBCP, or other related certification. Knowledge of relevant industry standards awareness and governmental programs.

Additional Degree: BE/ B.Tech (Engineering)

Experience: 2-6

Requirements

Business/Systems Analysis | Software Engineer | System Analyst/Tech Architect | System Security

© Copyright 2015 Al Nisr Publishing LLC - powered by Gulf News