4-8 years of experience in information security with an emphasis on risk assessment and/or risk management
End-to end implementation of ISO 27001 risk management framework
Demonstrated ISO 27001 or other standard audit framework skillset in several information security domains - Mandatory
Experience conducting successful information security risk assessments -Mandatory requirement
Experience conducting successful third party information security risk assessments -Preferred
Demonstrated understanding & functional knowledge of technical domains of risk assessments to include at a minimum: - Mandatory
Network security
Identity and Access Management (IAM)
Asset security
Operational security
Cloud Security
VM
Experience with GRC tools (e.g. RSA Archer) -Preferred
Certifications such as ISO 27001 LA, CISSP and/or CRISC are preferred
Skillset
Proficiency in Microsoft Office suite, including PowerPoint, Excel, Visio, Word
Able to manage multiple projects simultaneously, with strong ability to prioritize multiple tasks and respond to emergencies, organize and schedule work effectively
Bold, decisive manner but not overbearing; capability to interact with many new individuals in different contexts week-to-week
Exceptional communication, collaboration, and advocacy skills, both verbal and written, with the ability to express complex and technical issues as understandable language to all levels of personnel within Sony, and with clients and other stakeholders
Must work well with others in a globally and culturally diverse environment
Excellent analytical and problem solving skills
Required Skills:· RISK ASSESSMENTS· Third party Risk management· ISO 27001· Risk Management· Cloud Risk AnalystDepartment:SIE - Risk ManagementSkills Required:Information Security Management, Risk Assessment, risk analysisRole:Analyst will be responsible for conducting end to end information security risk assessments to identify, rank, document and ensure treatment of risks in a timely mannerJob Description
Conduct risk assessments to identify, assess, rank, and monitor information security risks for Sony group third parties
Conduct risk assessments to identify, assess, rank, and monitor information security risks to Sony group internal assets
Ensure risk recommendations are made and have action plans documented in the enterprise risk management tool
Have regular meetings with internal & external stakeholders to ensure risk recommendations are tracked, updated and eventually closed
Keep Sony management updated on the status of risk assessments, treatment, and closure
Advise and make recommendations regarding appropriate personnel, physical, and technical security controls required for mitigating identified security risks
Act as an information security advisor to SIE business and technology groups
Years Of Exp:4 to 6 YearsEducation/Qualification:B-TECH or other relevantDesignation:Senior Risk Analyst
