Security Risk Analyst
Description
Governance Risk Compliance Security Engineer
Chennai, India
The Opportunity:
Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Our mission is to empower educators and institutions with meaningful innovation that’s simple and intelligent, inspiring student success and institutional growth.
The Power of Together is built on having a diverse and inclusive workforce. We are committed to making diversity, inclusion, and belonging a foundational part of our hiring practices and who we are as a company.
For more information about Anthology and our career opportunities, please visit www.anthology.com.
Anthology’s Information Security team leads the governance, risk, and compliance program to enhance and ensure the confidentiality, integrity, and availability of all corporate information systems and products. This team is a core part of Anthology, providing it substantial opportunities to influence the overall corporate mission and culture.
We are building a team focused on high impact collaboration with our partners across the corporation leveraging transparency, trust, and innovation to elevate Anthology security through partnership and teamwork. We are seeking to hire the best talent, leveraging their skills to augment the team, and providing support and training to foster well-rounded individuals positioned for ongoing career success.
As Governance Risk Compliance Security Engineer, you will be a detail-oriented compliance professional with a desire to improve enterprise security through engagement with partners throughout the organization to ensure security policies, procedures and guidelines are communicated effectively, monitored for compliance, and reported accurately. You will report to the Senior Director of Governance, Risk and Compliance for the Information Security team.
Specific responsibilities will include:
- Assisting in managing daily operations of the Risk Management Program
- Assisting in the review and evaluation of Anthology’s corporate and product security and privacy risks by assessing the effectiveness and adequacy of internal management controls, and recommending control enhancements
- Performing assessments of new programs and projects to determine the information security risk(s) and determine the applicable/reasonable security controls that need to be implemented to mitigate the risk(s)
- Providing guidance and advice to business stakeholders to realize ‘security by design’ by validating requirements prior to Go-Live
- This includes defining any remaining risks, validating them with business stakeholders, recommending mitigations, registering them, and following up on remediation progress
- Executing structured risk assessments of key applications with focus on compliance with company policies, frameworks and standards (e.g., CIS, ISO27001, ISO27701, ISO27017, ISO27018, NIST 800 series, SOC2)
- Conducting vendor risk assessments
- Driving compliance to policies and standards while providing transparency of compliance status
- Keeping up with relevant international legislation, emerging threats, forecasts, policies, risk management developments and benchmarks
- Aligning with other security risk management teams and related functions including Corporate IT, our data privacy office, and internal audit
The Candidate:
Required skills/qualifications:
- 2-5 years of relevant experience in Information Security Risk Management, particularly around assessments/audits
- Knowledge of and experience with security standards and frameworks such as ISO, NIST, CIS, etc.
- Translation of IT threats and vulnerabilities to business risks
- Experience in a global organization with the proven ability to navigate complex, international work environments.
- Strong written and oral communication skills
- Effective project management skills
- Experience with cloud technologies (e.g., AWS, Azure)
- Fluency in written and spoken English
Preferred skills/qualifications:
- Experience in a global organization with the proven ability to navigate complex, international work environments
- Experience using the Center for Internet Security’s Risk Assessment Methodology (CIS-RAM)
- In possession of relevant industry certifications (e.g., CRISC, CISM, CISA, CISSP, CCSP)
- Experience working with project management tools
- Experience documenting security-related policies or procedures
- The ability to pick up on new technologies and skills quickly
- Experience with cloud technologies (e.g., AWS, Azure)
This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.
Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.