Information Security Assurance Analyst job from Pearson Lanka Pvt Ltd in Colombo, Sri Lanka
Friday 24th, April 2020
Colombo
Full-Time
IT-Hardware / Networking, IT-Software / Internet, Quality Assurance
Information Security Assurance Analyst
Description
Job Purpose
The Information Security Assurance Analyst (ISAA) coordinates security assurance activities with project managers, technology-focused analysts, engineers and administrators in the IT organisation. The ISAA translates the IT-risk requirements and business constraints into technical control requirements and specifications based on standard templates and design patterns.
The ISAA also develops and tracks metrics for ongoing performance measurement and reporting across CISO for all Regions.
Key Responsibilities:
Initiate project triages and establish key security requirements for each IT Project.
Security liaison with the business on various projects.
Support projects to comply with information security controls through the project delivery life-cycle.
Assist resource owners and IT staff in understanding and responding to security requirements and controls.
Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements in delivery of projects.
Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security assurance process both performed by the team and regionally.
Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Support Regional Information Security Officers in producing Regional Security Performance reporting and KPIs tracking, e.g. security vulnerability reporting, tracking and closure.
As directed, lead small remediation projects with global product and technology teams.
Contribute to the development and maturity of the security assurance framework.
Management and enhancement of service activity reporting for security assurance in order to assist the team in meeting defined performance goals.
Support the team in performing assurance remediation validation checks before project releases.
Maintain the security posture of the eGRC platform by assisting where needed in administrative functions and system management.
Lead targeted risk assessments and contribute to the maturity of the program.
Support the department’s risk management forum activities where needed.
Qualifications
Essential skills and experience:
Self-starter with fixation on the Customer experience (External and Internal) of Information Security and Risk Management.
Proficiency in performing risk, business impact, controls and vulnerability assessments, and in defining treatment strategies.
Hands-on experience in understanding, developing and communicating security policy, risk and control requirements to products and project teams.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Excellent verbal and written communication skills with experience of working with all levels of the business, often remotely via video conferencing.
The ability to interact with Pearson’s personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
Working knowledge of Industry Standard Product and Program Development Life Cycle, including Secure SDLC.
Qualifications:
BSc in IT, specializing in Cyber Security.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the European General Data Privacy Regulation (GDPR) and PCI/DSS.
Security certification will be an added advantage.
Primary Location: LK-1-Colombo
Work Locations: LK-Colombo-Orion City Rigel Bldg Orion City Rigel Bldg No 752 Dr. Danister De Silva Mawatha Colombo 900
Job: Technology
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Feb 25, 2020
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 2001778
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Skills required
Self-starter with fixation on the Customer experience
performing risk, business impact, controls, vulnerability assessments, and in defining treatment strategies
analytical skills to analyze security requirements
verbal and written communications skills
interact with Pearson’s personnel, build strong relationships at all levels
Working knowledge of Industry Standard Product