VetJobs - The Leading Military Job Board

Job Information

The Economist Cyber Risk and Compliance Analyst in Gurugram, India

Introduction

The Economist Group is the leading source of analysis on international business and world affairs. We deliver our information through a range of formats, from newspapers and magazines to conferences and electronic services.

The Information Security team operates the Information Security Program and is responsible for the standard of information security across the Group. We define and implement our security strategy and mitigation activities across our brands. We work with business units to ensure that the confidentiality, integrity and availability risks that they are exposed to are clearly understood and appropriately managed.

The Cyber Risk and Compliance Analyst is a member of the Information Security team and the job holder is responsible for establishing, implementing, monitoring, reviewing and improving a suitable set of controls to protect our information assets and ensure the business objectives of the organisation.

Responsibilities:

  • Conduct risk assessments to identify potential vulnerabilities and threats to the organisation's information systems, networks, and data.

  • Develop and implement comprehensive GRC frameworks and risk management strategies and policies to mitigate identified risks and enhance organisational resilience.

  • Monitor and evaluate the effectiveness of risk management strategies and policies.

  • Ensure compliance with applicable regulatory and legal requirements, as well as industry standards and best practices (PCI-DSS 4.0).

  • Develop and maintain an effective vendor risk management program.

  • Conduct vendor risk assessments and evaluate vendors' compliance with applicable security requirements.

  • Work closely with third-party vendors to ensure their adherence to our organisation's security policies and standards.

  • Identify and address any security gaps or vulnerabilities in the vendor management process.

  • Ensure that all vendor contracts contain appropriate security requirements.

  • Develop and deliver training to employees on cyber security and risk management best practices.

  • Coordinate the annual General IT Controls Audit and any other ad-hoc audits.

  • Maintain the policy library and monitor compliance and review.

Requirements:

  • Bachelor's degree in Cyber Security, Information Technology or related field.

  • At least 2 years of experience in risk and compliance, with a focus on cyber security.

  • Strong knowledge of cyber security regulations, standards and best practices, including NIST, ISO 27001 and PCI-DSS.

  • Experience in developing and implementing effective risk management strategies and policies.

  • Experience in conducting vendor risk assessments and managing vendor relationships.

  • Experience assisting with audits.

  • Excellent analytical and problem-solving skills.

  • Excellent communication and interpersonal skills.

  • Ability to work independently and as part of a team.

Experience, skills and professional attributes

  • Bachelor's degree in Cyber Security, Information Technology or related field.

  • At least 4 years of experience in risk and compliance, with a focus on cyber security.

  • Strong knowledge of cyber security regulations, standards and best practices, including NIST, ISO 27001 and PCI-DSS.

  • Experience in developing and implementing effective risk management strategies and policies.

  • Experience in conducting vendor risk assessments and managing vendor relationships.

  • Experience assisting with audits.

  • Excellent analytical and problem-solving skills.

  • Excellent communication and interpersonal skills.

  • Ability to work independently and as part of a team.

Job Locations: India-Gurugram

ID: 2024-9996

Function: Technology
