Senior Risk Analyst

Position Title: Senior Risk Analyst
Position Type: Regular - Full-Time
Position Location: New Delhi
Requisition ID: 29069
JOB PURPOSE:
Reporting to the Manager of Cyber Risk, the Senior Information Security Analyst is responsible for the development and oversight of cyber risk, architecture and compliance requirements involved in new initiatives or the modification and ongoing support of existing objectives and initiatives. The Security Analyst must work with business partners as well as IT professionals in evaluating Information Security risks and implementing security controls across the organization.
McCain Foods provides each of our Information Security team members' exposure to a broad range of responsibilities, activities, and projects; providing you an accelerated opportunity to grow and develop professionally.
JOB RESPONSIBILITIES:

• Assessing risk to corporate information and technology utilizing developed risk assessment/threat analysis methodology, and reporting on risks through management reports, dashboards, and scorecards.
• Proven ability to drive and align risk remediation decisions and where applicable, assist with remediation through policy/standard/procedure development and protective/detective controls.
• Driving improvements on current risk assessment methodologies and implementing new methodologies as required.
• Building and maintaining an organizational risk profile through knowledge gained from performed risk assessments and awareness of critical business assets.
• Providing input and guidance to McCain's Information Security awareness training framework and communication plan.
• Participates in product and vendor selection process to provide subject matter expertise on Information security risk and compliance.
• Assisting with strategical, tactical and compliance review planning, including metric and reporting development.
• Perform Business Impact Analysis (BIA) to effectively analyze how disruptions may impact the organization.
• Engage stakeholders and partners to drive key remediation and mitigation efforts.
• Maintain overall risk register and present findings to appropriate business units and executive management on a regular basis.
• Performs internal cyber risk and control assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.

MEASURES OF SUCCESS:

• Risk Analysis: ability to identify and articulate information security risks, assign the correct risk severity, and recommend mitigating controls.
• Stakeholder Management: Ability to work and communicate with a broad range of both technical and non-technical internal stakeholders.
• Risk Assessment Methodology: Ability to evaluate and mature risk assessment methodology based on current business needs.
• Enterprise Security Architecture: Ability to build, align and implement an Enterprise Security Architecture.

• Security Knowledge: An understanding of various security control requirements, technical and administrative controls, and implementation approaches.

KEY QUALIFICATION & EXPERIENCES:

• Demonstrated experience in leading Information Security governance, risk, and compliance and controls implementation gained through 5+ years of progressively more responsible work in this field.
• A university degree (computer sciences and/or engineering) highly desirable.
• Must have a current CISSP, CISM, CRISC or comparable information security certification.
• Relevant industry certifications from organizations such as ISC 2 , ISACA, or SANS will be considered strong assets.
• Demonstrate competency with information security principles, and industry standards. Significant understanding of FAIR quantitative risk analysis, NIST, ISO/IEC series of standards, SANS-20 and COBIT
• Knowledge and experience in using ISO 27001, NIST, and other applicable security frameworks.
• Functional knowledge of common security certifications (i.e. ISO 27001, SOC1, and SOC2) and ability to glean significance from findings identified in these reports.
• Knowledge of network-based services, client/server applications, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.
• Understanding of security controls such as firewalls, proxies, SIEM, antivirus, encryption, identity, and Access Management, Vulnerability Scanning and/or Intrusion Prevention Systems.
• Familiarity with GDPR is considered an asset.
• Knowledge or familiarity with manufacturing automation systems is considered a strong asset.
• Ability to interact with a broad cross-section of stakeholders to explain and enforce security measures, in both business and technical terms.
• Excellent written and verbal communication skills in English.
• Proven ability as a self-starter, working independently, and showing initiative.
• Strong attention to detail, project management and organizational skills.

Key Competencies & Leadership Principles:

• Drives Results, Collaboration, Ensures Accountability, Act Like An Owner, Think Big and Plan Ahead

OTHER INFORMATION

• Act as security risk "ambassador" to both internal and external customers. Provide guidance and leadership to other risk management team members. Aptitude to understand business needs and deliver high-quality, prompt, and efficient service.
• Occasional travel may be required to meet business needs.
• Job primarily performed in a standard office environment, however, work from home is available with manager approval.

McCain Foods is an equal opportunity employer. We see value in ensuring we have a diverse, antiracist, inclusive, merit-based, and equitable workplace. As a global family-owned company we are proud to reflect the diverse communities around the world in which we live and work. We recognize that diversity drives our creativity, resilience, and success and makes our business stronger.
McCain is an accessible employer. If you require an accommodation throughout the recruitment process (including alternate formats of materials or accessible meeting rooms), please let us know and we will work with you to meet your needs.
Your privacy is important to us. By submitting personal data or information to us, you agree this will be handled in accordance with the Global Employee Privacy Policy
Job Family: Information Technology
Division: Global Technology
Department: Global IS Security
Location(s): IN - India : National Capital Territory : New Delhi
Company: McCain Foods(India) P Ltd