Position Title: Cyber Risk Analyst
Position Type: Regular - Full-Time
Position Location: Gurgaon
Grade: Grade 04
Requisition ID: 33022
McCain Foods Limited is actively seeking a dedicated and self-motivated professional to join its dynamic Global Information Security team. The focus of this position is to act as an Information Security Risk expert responsible for enabling our business to make smart, risk-based decisions on technology and business investments that have a successful impact on the information security posture for our world-renowned food company.
This Senior Information Security Analyst is a key member of the Information Security function responsible for leading and executing IT risk management and governance processes within the organization. This includes performing risk assessments, tracking mitigation efforts and developing risk metrics and risk reports. This position is also responsible for leading security risk-related projects and enhancement programs and contributing to and monitoring compliance with McCain's security policies and standards.
This role provides executives, leaders, decision-makers, and staff with the security insights they need to make those smart decisions. It combines program management skills with broad security domain knowledge; cross-company relationship building with rigorous data management; and insightful, business-relevant analysis.
McCain Foods provides each of our Information Security team members exposure to a broad range of responsibilities, activities, and projects, providing you an accelerated opportunity to grow and develop professionally.
Primary Function
• Manage and improve a Third-Party Risk Assessment framework and methodology
• Enhance a repeatable process to assess third party cyber risk
• Establish and maintain relationships with the business owners to identify third parties, provide information regarding potential risks to the business information and content assets, and support review of contracts.
• Work with relevant business units and third parties to complete assessments, identify requirements, implement policies and procedures, and maintain an inventory of third-party vendors
• Optimize and streamline operating processes for risk assessments, analysis, and reporting metrics
• Establish and maintain relationships with key partners in the security, risk, legal, privacy, finance, and enterprise planning groups
• Support, update, enhance when possible, and maintain information security policies and procedures.
• Actively participate in Information Security Incident investigation as may be required.
Specific Skills & Knowledge:
• A broad knowledge of information security principles and industry standards. Significant understanding of NIST, ISO 27002, COBIT, and CIS
• Excellent written and verbal communication skills, with experience presenting and explaining complex design, information security concepts and IT risk-related concepts to technical and non-technical audiences.
• Able to successfully prioritize and manage to completion multiple complex tasks and deliverables.
• Act as security risk management "ambassador" to both internal and external customers. Provide guidance and leadership to other risk management team members.
• Ability to gain a comprehensive understanding of business needs and to deliver high-quality, prompt, and efficient service.
Education and Experience:
• Demonstrated capability in leading Information Security governance, risk, and compliance and controls assessment gained through relevant work experience in this field.
• University degree (computer sciences and/or engineering) highly desirable. Must have a current CISSP, CISM, CISA or related advanced IT security certification.
• Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST), information security roles, and security controls.
• Functional knowledge of common security certifications (i.e. ISO 27001, SOC2) and ability to glean significance from findings identified in these reports.
• Ability to communicate risk methodologies and concepts to the business unit and IT.
• Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
• Strong attention to detail, project management and organizational skills.
• Strong oral and written English skills are mandatory for this position.
• Knowledge of OneTrust platform is an asset.
McCain Foods is an equal opportunity employer. We see value in ensuring we have a diverse, antiracist, inclusive, merit-based, and equitable workplace. As a global family-owned company we are proud to reflect the diverse communities around the world in which we live and work. We recognize that diversity drives our creativity, resilience, and success and makes our business stronger.
McCain is an accessible employer. If you require an accommodation throughout the recruitment process (including alternate formats of materials or accessible meeting rooms), please let us know and we will work with you to meet your needs.
Your privacy is important to us. By submitting personal data or information to us, you agree this will be handled in accordance with the Global Employee Privacy Policy.
Job Family: Information Technology
Division: Global Digital Technology
Department: Global IS Security
Location(s): IN - India : Haryana : Gurgaon
Company: McCain Foods (India) P Ltd