
Senior Analyst, IM Security

Gurugram, HR
Job Code:
  • Miscellaneous

Job Details

Purpose

The planning and implementation of organization-wide policies, processes and procedures for the management of operational risk. The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Provide expert advice on information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems. Conduct and evaluate risk management assessments and make recommendations on remediation actions and business impact. This role will specialize in a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.

Scope

Autonomy: Has defined authority and responsibility for a significant area of work, including technical, financial and quality aspects. Establishes organizational objectives and delegates assignments. Accountable for actions and decisions taken by self and subordinates.

Influence: Influences policy formation on contribution of specialisation to business objectives. Influences at level of division internally and influences customers/suppliers and industry at senior management level. Decisions impact work of employing organizations, achievement of organizational objectives and financial performance. Develops high-level relationships with customers, suppliers and industry leaders.

Complexity: Highly complex work activities covering technical, financial and quality aspects and contributing to formulation of IS strategy. Work involves creative application of a wide range of technical and/or management principles.

Primary Responsibilities

  • Plans and manages the implementation of organization-wide processes and procedures, tools and techniques for the identification, assessment and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change.
  • Protects and defends information and information systems by ensuring availability, integrity, authentication, confidentiality and non-repudiation.
  • Provides consulting for restoration of information systems by ensuring that protection, detection and reaction capabilities are incorporated.
  • Ensures that appropriate action is taken to investigate and resolve incidents and problems in systems and services. Ensures that such incidents and problems are fully documented within the relevant reporting systems. Coordinates the implementation of agreed remedies and preventative measures.
  • Conducts risk assessments for business applications and computer installations; provides authoritative advice and guidance on security strategies to manage the identified risk.
  • Investigates breaches of IT service disruptions and recommends appropriate control improvements.
  • Interprets information risk policy and contributes to development of standards and guidelines.
  • Maintains an in-depth knowledge of specific technical specialisms and provides expert advice regarding their application. Can supervise technical specialists.

Specific tasks include:

Business Risk Management: Advises on risk management policies, and contributes to the creation and publication of strategies for managing risk to the continuing effective operation of the business. Plans and manages the implementation of organization-wide processes and procedures, tools and techniques, within a specific information risk area, for the identification, assessment, and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change. Identifies and categorizes strategic and operational risks. Advises on the evaluation of identified risks (including probability/frequency of occurrence, impact, and severity). Advises on appropriate action, including contingency planning, and countermeasures.

Information Assurance: Awareness of legal and best practices relating to availability, integrity, confidentiality, privacy, etc. Recommends appropriate and practical performance measures and tracks compliance. In the context of Business Continuity, assesses protection, detection, and reaction capabilities, to determine whether they are sufficient to support restoration of information systems in a secure manner.

Information Risk: Conducts assessments of threats to confidentiality, integrity, availability, accountability and relevant compliance. Participates in security control reviews, business risk assessments, and reviews that follow significant breaches of security controls or IT service disruptions. Contributes to the development and promotion of the technical specialism. Recommends quality standards and policies relating to the technical specialism. Maintains knowledge of the technical specialism at the detailed and comprehensive level. Keeps in close touch with and contributes to current developments in the technical specialism within Xerox.

Candidate Education

Minimum: Bachelor's Degree in Computer Science, Information Systems, or related field.

Professional Certifications

Minimum: Technical certifications as required, such as CISSP, SANS GSEC, CIPP, FBCP.

Candidate Background: Skills, Knowledge & Ability

At a minimum, the preferred candidate will have demonstrated the following:

  • Extensive experience in Information Technology and significant experience in Risk Management specialism.
  • Can absorb complex technical information and communicate effectively to both technical and non-technical audiences.
  • Is able to assess and evaluate risk and to understand the implications of new technologies.
  • Ability to describe and clearly articulate the risk assessment and business impact.
  • Has a broad understanding of information technology and deep understanding of area(s) of specialization.
  • Takes initiative to keep own skills up to date and to maintain awareness of developments in the information systems industry.
  • Has expertise in the technical specialism, the technology involved, current developments, the most commonly available products, and the application of the specialism within a technical or business environment.
  • Has a good overall knowledge of specific areas of information systems practice and applications.
  • Has a working understanding of the management processes within the IT function or department and practical knowledge of the principles of information management.
  • Understands information systems auditing practices, and acknowledges the need to maintain a practical and pragmatic approach to standards compliance.
  • Communicates well, both orally and in writing, and has the skill to influence through persuasion in a formal context.
  • Has a sound and wide business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity and stability.
  • Has a good working knowledge of the client organization's policies, management structure and business objectives, and of the existing Information Systems portfolio and IT infrastructure.
  • Can facilitate the analysis of business processes, and articulate potential changes to business processes in a lucid and cogent manner, both orally and in writing.

Additional Role Requirements

Information Security Domain: Broad knowledge of at least 7 out of the following 10 security domains with deep technical expertise in at least one of the domain areas

Additional Degree: BE/ B.Tech (Engineering)

Experience: 2-4


Network Administration | System Analyst/Tech Architect | System Security


© Copyright 2015 Al Nisr Publishing LLC - powered by Gulf News