The Cyber Risk Management Analyst is responsible for assessing risk and compliance for the informational and system assets of TD SYNNEX and its suppliers.
Will be responsible for executing the implementation of the organization-wide ISMS risk management function of the information security program to ensure information security risks are identified, assessed, and monitored.
Will be responsible for assessing 3rd party risks of SaaS, IaaS, and PaaS partners utilized by the global enterprise.
Will be responsible for providing assurances to resellers, vendor partners, and other organizations that seek attestations from TD SYNNEX on its security program.
Duties and Responsibilities:
- Serve as a point of contact for the information security team for the business stakeholders and customers/vendors.
- Liaise with the Senior Manager of Cyber Assurance and Risk Management to ensure the strategy of the business objectives is balanced with appropriate risk awareness and management.
- Drive maturity of the organization to achieve and maintain ISO 27001/2 and CMMC compliance.
- Perform risk assessments on 3rd party suppliers.
- Conduct analysis of security incidents, decisions regarding risk, and measures for product, computer, network, cloud, and partner security.
- Participate in the implementation of the organization-wide ISMS risk management function of the information security program to ensure information security risks are identified, assessed, and monitored.
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the Company's information and technology systems.
- Analyze, track, and communicate adversarial and non-adversarial risks to IT and relevant business stakeholders.
- Track adversaries, motives, and techniques to ensure mitigating controls are adequate, and adjust when trends change.
- Analyze mitigating controls against CIS standards, and identify gaps and action plans to track remediation and the environment's risk posture.
- Maintain a view of major threat vectors, mitigating controls, and action plans to remediate gaps.
- Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.
- Must be able to assess computer hardware, software, systems, and cloud for security risks or violations and work with company staff and technology vendors to recommend solutions.
- Must be able to assess the status of complex multi-location projects as well as identify and track appropriate corrective measures to resolve issues as they arise.
- Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
Qualifications
- 2 years of IT experience
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Experience interacting with customers and employees
- Ability to develop security standards and guidelines based on best practices and industry standards
- Ability to learn new skills quickly
Preferred Qualifications
- Understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001/2, GDPR)
- Knowledge of information security risk management frameworks and compliance practices, including ISO 27001 and NIST 800-171
- Bachelor's degree in information technology or other related field
- Skills in documenting risk and compliance activities
- Information security related training or certifications such as CISSP, CRISC, or CISA.
- Experience performing information security audits or risk assessments
- Familiarity with security auditing processes
- An understanding of policy development and dissemination
- Experience working with auditors and assessors.
What's In It For You?
- Elective Benefits: Our programs are tailored to your country to best accommodate your lifestyle.
- Grow Your Career: Accelerate your path to success (and keep up with the future) with formal programs on leadership and professional development, and many more on-demand courses.
- Elevate Your Personal Well-Being: Boost your financial, physical, and mental well-being through seminars, events, and our global Life Empowerment Assistance Program.
- Diversity, Equity & Inclusion: It's not just a phrase to us; valuing every voice is how we succeed. Join us in celebrating our global diversity through inclusive education, meaningful peer-to-peer conversations, and equitable growth and development opportunities.
- Make the Most of our Global Organization: Network with other new co-workers within your first 30 days through our onboarding program.
- Connect with Your Community: Participate in internal, peer-led inclusive communities and activities.