Senior Information Security Risk Analyst

Role Purpose: 

The  Risk Analyst operates within the governance, risk & compliance service provided by the Jumio security function. 

The Risk Analyst will be responsible for identifying, analyzing, and influencing the management of information risks across the organization. 

Role Value: 

The role holder reports into the GRC Lead and they need to positively influence other members of the security team as well as other departments across Jumio. 

Responsibilities:

The key responsibilities of the role  are as follows: 

Information Security Risk Management 

• Conducts information security risk assessments of internal processes,applications and software solutions.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
• Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register.
• Collaborates with internal stakeholders (Engineering , HR , Machine Learning , IT , Finance , Sales, Privacy,Legal, etc.) as part of the risk management program.
• Participates in ad-hoc, non-systematic risk assessment requests.
• Evaluates and manages security exception requests, ensuring compliance with security standards and mitigating associated risks.
• Prepares security exception risk profile and reports to relevant stakeholders.

Third Party Risk Management

• You support the delivery of vendor risk management and security assurance services, for high-speed business initiatives.  You perform focused risks assessments of existing or new services and technologies.
• Identify and collaborate with internal groups with outsourcing and vendor oversight responsibilities to reduce duplication of effort and ensure overall compliance with the program.

Governance Risk & Compliance

• You support governance risk and compliance activities within the ISMS
• Supporting the ongoing maintenance of independent security certification activities for SOC2, ISO 27001 and PCI DSS. 
• You support the management and high-quality output from the GRC Platform.
• You support our security compliance monitoring model. 
• You support the maintenance of security KPI metrics and reporting regularly. 
• You support the delivery of security awareness training and knowledge to all staff. 
• You support the management of security policies and processes, to ensure operational efficiency, meet regulatory compliance, and support regional demands. 
• You support external and internal audit activities as required. 
• You assist fellow Jumio’s in understanding and pragmatically responding to security audit findings.
• Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations.

Qualifications, Experience & Skills Required

• Experience in managing GRC solutions, and familiarity with Eramba or equivalent. 
• Experience in managing 3rd party vendor assurance tools. 
• Experience in supporting fast-paced GRC capabilities. 
• An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans, or behaviours
• You are a strong communicator, and you get your message across well and clearly, you make people interested in listening to you.
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part 
• An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
• You move at speed and enjoy working within a fast-paced, dynamic environment. 
• You'll need passion and energy for the subject; you'll care about shaping positive outcomes. 
• You'll need to have a strong desire and hunger to learn as much as possible. 
• You'll have a willingness to embrace change, adapt and evolve to meet the needs of the subjects we manage.

Great to have Experience and Qualifications:

• 3+  years of work experience in information security, especially in an Information Risk Analysis role
• 3+  years of experience in a Security Risk Management (SRM) and/or IT Audit role
• 3+ years of experience with regulatory compliance and information security management frameworks (SOC2,  IS0 27000, and PCI DSS) 
• Desirable to be Certified Information Systems Security Professional (CISSP), Certified Information Security  Manager (CISM), and/or Certified Information Systems Auditor (CISA)
• BS or MA in Business, Computer Science, Information Security, or a related field

Key Characteristics and Attitudes: