Information Security, Risk & Compliance Analyst
Prague, Czechia
2 days ago

Key Roles and Responsibilities :

This role supports the business and protects NTT’s reputation by taking responsibility for overall Information Security Management and aligns IT security with business security, ensuring that information security is effectively managed in all service and business activities within NTT Ltd.

The Risk Analyst’s primary role is to ensure NTT Ltd Group and Subsidiaries establish and maintain an information security program.

Implement process and controls to monitor group and subsidiary compliance practices to avoid breaching laws, regulations, policies, contractual and other security obligations and work to achieve compliance or in instances where non-compliant, ensure these are well understood with the risks managed in accordance with group risk management policies.

They will support and coordinate technical staff so that an integrated security strategy is embedded to achieve the certifications and compliance obligations of the group.

They are a technology and compliance specialist and will provide senior mentorship, thought leadership and technical guidance to NTT Ltd Group and Subsidiaries stakeholders & country security solution architects, specialists and business development Analysts.

They will augment enterprise account planning initiatives, technical presales and bid management opportunities.

Identify risk and non-compliance :

Risk & Compliance Specialists take responsibility for the identification of potential risks, incidents and problems before they occur.

Identify, classify and record problems for all recurring issues and incidents to determine their root cause. These individuals also assist with ensuring that reported incidents and problems are solved and proactively review these to ensure the development of remedial action.

They support, review and investigate allegations as assigned by the country, regional and group team. They advise internal management on the implementation or operation of compliance programmes and any compliance issues.

This employee will monitor or assess compliance systems to ensure their effectiveness and / or recommend appropriate compliance systems.

They work with the relevant agencies or government organisations to supply information relating to compliance and ensure that any breaches are identified and dealt with, including advising the relevant stakeholders of such breaches.

Manage risk and compliance

The Risk & Compliance Specialist is responsible for risk and incident management in accordance with relevant legislation and ensures that the relevant stakeholders are advised of such incidents.

To ensure the proactive management of risk, they update and maintain a known breach / error database containing all problems and workarounds.

They assist with the provision of information to senior management on risk issues and assist with the provision of a plan to manage these.

They also assist with chairing of post incident review meetings and develop the relevant action plans to allow for proactive risk management.

They work closely with the Group Compliance team to implement Group policies and procedures locally, co-ordinating with local legal teams for compliance with local laws.

They conduct regular internal reviews to ensure compliance to relevant policies and procedures, ensuring the update or modification of such to align with local laws and regulations.

Information Security Governance, Risk & Compliance Analyst :

Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information.

Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements.

Conducts information security risk assessments, security compliance audits and cybersecurity audits.

Establishes IT security audit procedures relevant to SOX, HIPAA, PCI DSS and international data privacy laws.

Evaluates and tests the design and operating effectiveness of IT security controls. Maintains compliance of internal IT security controls by meeting internal and external information security requirements.

Documents, investigates and reports cybersecurity compliance issues and incidents. Works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.

Knowledge, Skills and Attributes :

Personal Attributes and Skills Required

Demonstration of NTT Ltd core values of Proactivity, Teamwork, Professional Excellence, Partnership, Personal Commitment and Multi-Cultural Strength.

Good knowledge of security risks and preventative controls

Good understanding of security operational processes and controls

Good project, analysis, problem solving, and business relationship skills

Computer Science Degree or equivalent together with specialised training in new technologies and legacy systems

Excellent communication skills

Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff

Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation

Must have strong working knowledge of pertinent law and the law enforcement community

Highly developed technical capability across a broad range of Security products / solutions

Interpersonal skills and the ability to develop strong customer (Internal / External) relationships

Strong industry and market awareness

Ability to negotiate / influence

Ability to communicate to all audience levels (executive to technical)

Comfortable with presenting and communicating solutions internally and to clients / market at a business and technical level

Track record of effective workshop and interview skills

Good interpersonal and consultative skills.

Strong professional documentation skills

Ability to map business needs to technology solutions

Ability to discuss and report technology and information security risk with non-technology and executive business stakeholders

Interpersonal skills with the ability to develop strong relationships

Ability to engage and guide a team of engineers

A strong client service orientation

A team player willing to develop and share IP

This position must be ardently attuned to security news, trends, risks, and events and be able to understand vulnerabilities and exploit code sufficiently to understand security implications and assess their impacts.

Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies

Conduct security assessments, document findings, create reports and communicate recommendations to executive management in verbal and written format

Experienced with tools such as IDS / IPS, Hacking (Penetration testing) tools, Vulnerability Management tools, Firewalls, VPNs, VMware, Honeynets, etc.

Thorough understanding of Windows and Unix-based vulnerabilities and exploitation techniques

Comprehensive understanding of operating systems, network architectures, and system administration

Familiarity with network protocols

Academic Qualifications and Certifications :

Degree / Certifications Information Technology / Audit / Risk Management

Security Certifications CISA, CRISC or equivalent (Highly Desirable), Lead Auditors (ISO 27001)

Required Experience :

Experience of working across multicultural teams across multiple countries

Security Professional that understands Security Compliance and posture

Consulting experience an advantage

At least 3 years’ work relevant experience

At least 3 years’ experience in Technology Information Security Industry

What will make you a good fit for the role?
