The Business Information Security Office (BISO) Cyber Security Risk Analyst is a member of the Business Information Security Office within Global Cyber Security and works closely with the global lines of business, the Digital & Technology (D&T) Solutions & Delivery teams, and other D&T teams.
Roles and Responsibilities: Interfaces with the client for RFPs, inquiries, and client security audit reviews. Understands and communicates policies and standards for inquiries internally and externally. Maintains client relationship by responding to client security-related inquiries and documenting actions. Prepares for client inquiries by studying our products, services, and client service processes. Responds to client inquiries by understanding inquiry; reviewing previous inquiries and responses; gathering and researching information; assembling and forwarding information; verifying client’s understanding of information and answer. Manages, prepares, and dispatches client security support requests. Records client inquiries by documenting inquiry and response in clients’ accounts. Improves quality service by recommending improved processes and identifying new client security requirements from clients. Updates job knowledge by participating in educational opportunities. Accomplishes client service and organization mission by completing related results as needed. Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable. Strong working knowledge related to cyber security governance, controls, and effective monitoring is a plus.
Awareness & Training: Facilitates awareness and training programs as needed based on issue/risk trends. Promotes awareness of current policies and standards, as well as revisions and developments; provides consistent interpretation of policy to the business unit. Distributes information security awareness materials and publications appropriately within the business.
Relationship Management: Builds relationships and engages frequently with business leaders and client account teams. Frequently interacts with, and educates, business leads and their Senior Management team on current issues and overall status of the global cyber security program. Helps drive cyber security best practices between organizations and countries. Identifies key business contacts to ensure adequate coverage for the business’ security program. Maintains a positive relationship with client auditors.
Qualifications and Education Requirements: 5+ years of experience in technology with 2+ years in information security governance, risk or compliance. Experience giving presentations and superb communication skills.
Preferred Skills: 3+ years of client-facing experience in sales, sales support, or service delivery. Subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response with deep experience in software engineering/development. 1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments. Knowledge of and familiarity with using ServiceNow for Request Management and GRC Management. Bachelor's and/or Master's degree in Computer Science, Information Technology or related field.