We're hiring!

IS GRC Senior Analyst

Experience: 4+ Years    Hyderabad (Work from Office)

Netenrich is redefining security operations with a proactive, shift-left approach. Our Adaptive MDR solution, powered by Resolution Intelligence Cloud™ technology, leverages artificial intelligence and big data to deliver customized experiences and data-driven results for every customer. With a focus on agility and innovation, our solution evolves with your changing needs, and brings you a step closer to achieving autonomic operations.

As a trusted Google partner, specializing in Chronicle SecOps, we’ve transformed hundreds of companies across various sectors, including healthcare, finance, and technology. From our global hubs, we provide 24/7 proactive uninterrupted operations, peak performance, and peace of mind.

Job Summary

The Netenrich (NE) IS Security Governance, Risk, and Compliance (GRC) Senior Analyst develops and maintains the information security risk management program, internal/external audit, and compliance. The GRC Senior Analyst serves as a critical resource for staff and leaders regarding information security risk management implementation, interpretation, and compliance.

The GRC Senior Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics. The GRC Senior Analyst is responsible for reducing information security and cybersecurity risk to Netenrich by helping to prioritize and drive remediation efforts throughout the organization through the following:

  • Establishing and maintaining governance and compliance standards.
  • Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
  • Creating, maintaining, implementing, and communicating risk-based audits and assessments.
  • Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
  • Leading, mentoring, and developing a team of GRC auditors, fostering a culture of continuous improvement.

The GRC Senior Analyst independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks. The GRC Senior Analyst holds team and organization level responsibilities and may lead small to medium scale projects. The Senior Analyst works with employees and leaders across NE and our partners and affiliates.

Required Skillsets

| S. No | Skillset | *Level of Competency |
|---|---|---|
| 1 | Understanding of ISO 27001 Standard and SOC 2 Framework, GDPR, CCPA | Advanced |
| 2 | Cloud technologies, SaaS concepts and associated security concepts and implementation | Advanced |
| 3 | Exposure and understanding of at least one full cycle of internal and external audits | Advanced |
| 4 | Problem solving, organisational awareness and understanding, critical thinking, mentoring & teaching and thorough attention to detail | Intermediate to Advanced |
| 5 | Self-organisation, comfort with change, influencing & persuading and self-driven | Advanced |

Levels of Competencies

Amateur
Beginner
Intermediate
Advanced

Education

Bachelor's or master's degree in IT/Information Security or a related field.

Work Experience

4-6 years of progressive and responsible experience in Information Security Risk Management, IT/IS Controls Frameworks & Standards, and Audits and Assessments, with exposure to and understanding of regulatory requirements from a privacy and security standpoint.


Licences & Certifications

  • Should have, or be pursuing before 31 May 2024: LA ISO 27001:2022
  • Good to have, or be pursuing: CISA / CISM / CISSP / CGEIT

Major Job Responsibilities


Audit Planning and Execution

  • Develop a risk-based audit plan that ensures the appropriate coverage of IT risks, ensuring that audits are conducted according to relevant IT audit standards/frameworks.
  • Work within a matrix organization, actively engaging with stakeholders to execute planned project/ad hoc requests, share insights, and provide administrative support where needed.
  • Execute and lead IS audits to assess the effectiveness of internal controls, information security, and compliance with relevant policies and regulations.
  • Identify and evaluate IS risks and controls, providing recommendations for improvement that have a direct benefit to the business.
  • Design, develop, and/or review the audit approach and audit programs to guide the team in completing assigned audit projects.

Risk Management

  • Collaborate with cross-functional teams to assess and validate IS-related risks.
  • Identify and proactively address business and regulatory issues/concerns.
  • Monitor and report on emerging trends and developments in the IS/IT landscape that may impact the organization's risk profile.
  • Conduct risk assessments to identify potential areas of vulnerability and recommend corrective actions.
  • Background in infrastructure security, SDLC, and secure SaaS practices, including experience with assessment, development, implementation, optimization, and documentation.
  • Expertise in security review processes, data protection, cryptography, IAM within cloud environments, SaaS, IaaS, and PaaS.
  • Experience with cloud-based microservice-oriented architecture, security and governance tools, network administration security, and enterprise applications.
  • Direct architecture experience with GCP, Azure and AWS is an advantage but not mandatory.
  • Drive and implement a data security risk reporting framework, aligned with the organizational framework, for management teams and governance committees.
  • Design and document technical, administrative, and physical controls so that the business demonstrates compliance and NE meets both the requirements and intent of its regulatory and compliance obligations.

Stakeholder Communication

  • Demonstrate the ability to work across geographical boundaries and support joint initiatives effectively.
  • Communicate audit findings and recommendations to key stakeholders including but not limited to senior management.
  • Develop and maintain productive working relationships with business unit management and risk management leaders.
  • Work collaboratively with IT/DevOps/CloudOps Management regarding general controls reviews and assessments.

Compliance and Policy Adherence

  • Review compliance with industry standards, laws, and regulations related to IS/IT.
  • Evaluate the effectiveness of IS/IT policies and procedures and recommend enhancements.
  • Stay abreast of changes in regulations and proactively update internal controls accordingly.

Team Leadership and Development

  • Lead, mentor, and develop a team of GRC auditors, fostering a culture of continuous improvement.
  • Provide training and support to ensure the team is equipped to handle evolving IS/IT risks and challenges.

Apply Now

Interested candidates should email their resumes to jobs@netenrich.com to apply for the job. Please include the job title in the subject line of the email.