Information Security Assurance Analyst job from Pearson Lanka Pvt Ltd in Colombo, Sri Lanka

Friday 24th, April 2020

Pearson Lanka Pvt Ltd




IT-Hardware / Networking IT-Software / Internet Quality Assurance

Information Security Assurance Analyst


Job Purpose

The Information Security Assurance Analyst (ISAA) coordinates security assurance activities with project managers, technology-focused analysts, engineers and administrators in the IT organisation. The ISAA translates the IT-risk requirements and business constraints into technical control requirements and specifications based on standard templates and design patterns.

The ISAA also develops and tracks metrics for ongoing performance measurement and reporting across CISO for all Regions.

Key Responsibilities:

  • Initiate project triages and establish key security requirements for each IT Project.

  • Security liaison with the business on various projects.

  • Support projects to comply with information security controls through the project delivery life-cycle.

  • Assist resource owners and IT staff in understanding and responding to security requirements and controls.

  • Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements in delivery of projects.

  • Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security assurance process both performed by the team and regionally.

  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

  • Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

  • Support Regional Information Security Officers in producing Regional Security Performance reporting and KPIs tracking, e.g. security vulnerability reporting, tracking and closure.

  • As directed, lead small remediation projects with global product and technology teams.

  • Contribute to the development and maturity of the security assurance framework.

  • Management and enhancement of service activity reporting for security assurance in order to assist the team in meeting defined performance goals.

  • Support the team in performing assurance remediation validation checks before project releases.

  • Maintain the security posture of the eGRC platform by assisting where needed in administrative functions and system management.

  • Lead targeted risk assessments and contribute to the maturity of the program.

  • Support the department’s risk management forum activities where needed.


Essential skills and experience:

  • Self-starter with fixation on the Customer experience (External and Internal) of Information Security and Risk Management.

  • Proficiency in performing risk, business impact, controls, vulnerability assessments, and in defining treatment strategies.

  • Hands-on experience in understanding, developing, communicating security policy, risk and control requirements to products and project teams.

  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

  • Excellent verbal and written communications skills with experience of working with all levels of the business, often remotely via video conferencing.

  • The ability to interact with Pearson’s personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.

  • Working knowledge of Industry Standard Product and Program Development Life Cycle, including Secure SDLC.


  • BSc in IT, specializing in Cyber Security.

  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.

  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the European General Data Privacy Regulation (GDPR) and PCI/DSS.

  • Security certification will be an added advantage.

Primary Location: LK-1-Colombo

Work Locations: LK-Colombo-Orion City Rigel Bldg Orion City Rigel Bldg No 752 Dr. Danister De Silva Mawatha Colombo 900

Job: Technology

Organization: Technology & Operations

Employee Status: Regular Employee

Job Type: Standard

Shift: Day Job

Job Posting: Feb 25, 2020

Job Unposting: Ongoing

Schedule: Full-time Regular

Req ID: 2001778

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
