We're hiring!

IS GRC Analyst

Experience: 2-4 Years
Hyderabad (Work from Office)

Netenrich is redefining security operations with a proactive, shift-left approach. Our Adaptive MDR solution, powered by Resolution Intelligence Cloud™ technology, leverages artificial intelligence and big data to deliver customized experiences and data-driven results for every customer. With a focus on agility and innovation, our solution evolves with your changing needs, and brings you a step closer to achieving autonomic operations.

As a trusted Google partner, specializing in Chronicle SecOps, we’ve transformed hundreds of companies across various sectors, including healthcare, finance, and technology. From our global hubs, we provide 24/7 proactive uninterrupted operations, peak performance, and peace of mind.

Job Summary

The Netenrich (NE) IS Security Governance, Risk, and Compliance (GRC) Analysts develop and maintain information security policies and workforce training and awareness.

The GRC Analyst serves as a critical resource for staff and leaders regarding information security policy implementation, interpretation, and compliance. The GRC Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics. The GRC Analyst is responsible for reducing information security and cybersecurity risk to NE by helping to prioritize and drive remediation efforts throughout the organization through the following:

  • Establishing and maintaining governance and compliance standards.
  • Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
  • Creating, maintaining, communicating, and enforcing information security policies.
  • Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.

The GRC Analyst independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks. The GRC Analyst holds team and organization level responsibilities and may lead small to medium scale projects. The Analyst works with employees and leaders across NE and our partners and affiliates.

Required Skillsets

| S. No | Skillset | *Level of Competency |
|---|---|---|
| 1 | Understanding of ISO 27001 Standard and SOC 2 Framework, GDPR, CCPA | Intermediate to Advanced |
| 2 | Cloud technologies, SaaS concepts and associated security concepts and implementation | Intermediate to Advanced |
| 3 | Exposure and understanding of at least one full cycle of Internal and External Audits | Intermediate |
| 4 | Problem solving, Organisational Awareness and Understanding, Critical Thinking, Mentoring & Teaching and Thorough Attention to Detail | Intermediate to Advanced |
| 5 | Self-Organisation, Comfort with change, Influencing & Persuading and self-driven | Intermediate |

Levels of Competencies

Amateur
Beginner
Intermediate
Advanced

Education

Bachelor's or Master's degree in IT / Information Security or a related field.

Work Experience

2-4 years of progressive and responsible experience in Information Security Risk Management, IT / IS Controls Frameworks & Standards, Audits and Assessments, exposure and understanding of regulatory requirements from a privacy and security standpoint.


Licences & Certifications

  • Should have, or be pursuing before 31 July 2024: LA ISO 27001:2022
  • Good to have, or pursuing: CISA / CISM / CISSP / CGEIT

Major Job Responsibilities


Information Security Risk Assessment

  • Identifies, analyses, evaluates, and documents information security risks and controls based on established risk criteria.
  • Conducts and coordinates security risk assessments / Vulnerability Assessments, respectively, of planned and installed information systems to identify vulnerabilities and risks.
  • Recommends controls to mitigate security risks identified via the risk assessment process. Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

Governance & Compliance

  • Drives and implements a data security risk reporting framework, aligned with the organisational framework, for management teams and governance committees.
  • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that NE meets both the requirements and intent of its regulatory and compliance obligations.
  • Facilitates the remediation of control gaps and escalates critical issues to leadership.
  • Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed.
  • Prepares for and facilitates examinations by qualified security assessors for audits and assessments such as ISO 27001 and SOC 2.
  • Works closely with control owners and internal and external auditors to ensure requests are completed in a timely manner.
  • Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analysing information security and compliance metrics for management.

Security Policy Management and Workforce Training and Awareness

  • Supports workforce security activities including culture, awareness, and training.
  • Facilitates eDiscovery and collection of data to support investigations of possible security or policy violations.
  • Analyses information security incidents in collaboration with other stakeholders. Coordinates remediation and awareness training.
  • Researches, recommends, and contributes to information security policies, standards, and procedures.
  • Assists with the lifecycle management of information security policies and supporting documents.
  • Works with other organizational participants to implement information security policies.

Third-party Supplier and Vendor Risk Management

  • Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.
  • Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
  • Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
  • Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.
  • Maintains inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.

Apply Now

Interested candidates should email their resumes to jobs@netenrich.com to apply for the job. Please include the job title in the subject line of the email.