
Senior Security Engineer - GIS Risk Analyst

1 - 2 Years | Bengaluru

Not Disclosed by Recruiter | Posted: 19 days ago | Job Applicants: 151 | Job Views: 248

Job Description


The Global Information Security (GIS) Risk Analyst will work with peers in GIS and across the Technology Division to ensure that InfoSec risks are properly identified, assessed, adjudicated, and communicated in support of the overall GIS Risk Management program. The Risk Analyst will report to the Manager, InfoSec Risk Management, and will assist with the continuous improvement of the InfoSec Risk Management program, as well as contribute to the daily functioning of the GIS InfoSec Risk Management Program.

Responsibilities Include:

Work with peers in GIS, Architecture & Product Management, Execution & Engineering, Infrastructure & Operations, and IT Compliance & Controls to identify and adjudicate InfoSec risks.
Conduct tabletop, lightweight, and detailed risk assessments using CME Group's established InfoSec risk management method and instrumentation.
Collaboratively author and edit various risk-related documents, including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and exemptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities.
As requested, support the GIS Risk Lead's participation in and contribution to various working groups across the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc.

As requested, assist the Executive Director of GIS Risk Management, Manager, Risk Management, and GIS Risk Lead with:

Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage InfoSec risks.
Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making.
Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support.
Producing GIS metrics for management and other stakeholders, including gathering applicable data, identifying meaningful trends, and effectively reporting written narrative, tabulated data, and graphical representation.

Problem Solving:

Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
Objectively advise on any number of technical controls that will mitigate risk while not imposing undue burden on those who must implement the controls
Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers
Rapidly analyze complex technical details
Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the Technology Division.

Decision Making:

Recommends risk treatment decisions
Recommends ranges of controls when risk mitigation is desired
Recommends improvements to methods, instrumentation, training, documentation, and processes
Recommends solutions for automating and streamlining InfoSec risk management practices

Working Relationships:

Exercises skills in negotiation and influence on a daily basis to gain consensus with stakeholders on risk management decisions and deliverables.
Works daily with peers across all elements of the Technology Division.
Communicates regularly with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance (internal audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership.
Interacts occasionally with industry peers from other SIFMUs, research organizations, solution providers, etc.

Salary: Not Disclosed by Recruiter
Industry: Banking / Financial Services / Broking
Functional Area: IT Software - Network Administration, Security
Role Category: Admin/Maintenance/Security/Datawarehousing
Role: System Security
Employment Type: Permanent Job, Full Time

Desired Candidate Profile

Required Experience:
Bachelor's in Applied Computer Science, BA Computer Applications, Bachelor of Technology, or similar.
1-2 years of experience in publicly traded companies or finance/technology industry operations;
OR Minimum 1-2 years as a consultant to such companies at a commensurate level.
Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit.
Experience working with industry-based information security and/or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.).
Experience working with global organizations and global teams.
Demonstrable knowledge of a broad range of InfoSec technologies and practices.
Demonstrable, high-quality writing skills for technical, management, and executive audiences.

Additional preferred experience:

Master's degree
Demonstrable knowledge of InfoSec risk management methods and practices
Experience with recommending, implementing, or operating GRC solutions
Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)
Education: UG - B.Tech/B.E. - Any Specialization, Computers, Any Graduate - Any Specialization

Doctorate - Doctorate Not Required

Company Profile

CME India Technology And Support Services Pvt Ltd
Contact Details

Recruiter Name: HR

Contact Company: CME India Technology And Support Services Pvt Ltd

Reference Id: 3231550