The Cyber Risk Management Analyst is responsible for assessing risk and compliance for the informational and system assets of TD SYNNEX and its suppliers. This role involves executing the implementation of the organization-wide ISMS risk management function of the information security program to ensure information security risks are identified, assessed, and monitored. The analyst will also assess 3rd party risks of SaaS, IaaS, and PaaS partners utilized by the global enterprise and provide assurances to resellers, vendor partners, and other organizations that seek attestations from TD SYNNEX on its security program.
Duties and Responsibilities
Serve as a point of contact for the information security team for the business stakeholders and customers/vendors.
Liaise with the Senior Manager of Cyber Assurance and Risk Management to ensure the strategy of the business objectives is balanced with appropriate risk awareness and management.
Drive maturity of the organization to achieve and maintain ISO 27001/2 and CMMC compliance.
Perform risk assessments on 3rd party suppliers.
Conduct analysis of security incidents, decisions regarding risk, and measures for product, computer, network, cloud, and partner security.
Participate in the implementation of the organization-wide ISMS risk management function of the information security program to ensure information security risks are identified, assessed, and monitored.
Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the Company's information and technology systems.
Analyze, track, and communicate adversarial and non-adversarial risks to IT and relevant business stakeholders.
Track adversaries, motives, and techniques to ensure mitigating controls are adequate and adjust when there is a change in trending.
Analyze mitigating controls against CIS standards, identify gaps, and develop action plans to track remediation and the environment's risk posture.
Maintain a view of major threat vectors, mitigating controls, and action plans to remediate gaps.
Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.
Assess computer hardware, software, systems, and cloud for security risks or violations and work with company staff and technology vendors to recommend solutions.
Assess the status of complex multi-location projects and identify and track appropriate corrective measures to resolve issues as they arise.
Exhibit a strong customer service orientation and project that attitude to customers in remote locations.
Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
Qualifications
2 years of IT experience.
Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
Experience interacting with customers and employees.
Ability to develop security standards and guidelines based on best practices and industry standards.
Ability to learn new skills quickly.
Preferred Qualifications
Understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001/2, GDPR).
Knowledge of information security risk management frameworks and compliance practices, including ISO 27001 and NIST 800-171.
Bachelor's degree in information technology or other related field.
Skills in documenting risk and compliance activities.
Information security related training or certifications such as CISSP, CRISC, or CISA.
Experience performing information security audits or risk assessments.
Familiarity with security auditing processes.
An understanding of policy development and dissemination.
Experience working with auditors and assessors.
What's In It For You?
Elective Benefits: Our programs are tailored to your country to best accommodate your lifestyle.
Grow Your Career: Accelerate your path to success with formal programs on leadership and professional development, and many more on-demand courses.
Elevate Your Personal Well-Being: Boost your financial, physical, and mental well-being through seminars, events, and our global Life Empowerment Assistance Program.
Diversity, Equity & Inclusion: It's not just a phrase to us; valuing every voice is how we succeed. Join us in celebrating our global diversity through inclusive education, meaningful peer-to-peer conversations, and equitable growth and development opportunities.
Make the Most of our Global Organization: Network with other new co-workers within your first 30 days through our onboarding program.
Connect with Your Community: Participate in internal, peer-led inclusive communities.