Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Job Summary: The Technology Risk Analyst plays a crucial role in identifying, assessing, and mitigating technical risks within an organization. Has an understanding of Enterprise Risk Management practices in a technical environment. This professional is responsible for developing and implementing risk management strategies to safeguard technology assets, systems, and operations. Technology risk analyst provides guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders. The role requires a combination of technical expertise, risk analysis skills, and the ability to collaborate with cross-functional teams to ensure the effective management of technical risks.
Key Responsibilities:
Risk Identification:
- Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects.
- Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape.
Risk Assessment:
- Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors.
- Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
- The ability to articulate the business risks associated with technical vulnerabilities and risks.
Risk Mitigation Planning:
- Develop and implement risk mitigation strategies and action plans to address identified technical risks.
- Collaborate with IT teams to prioritize and implement security measures, controls, and safeguards to mitigate potential threats.
Incident Response and Management:
- Establish and maintain an incident response plan to address technical incidents promptly and effectively.
- Coordinate with relevant stakeholders to investigate and resolve technical security incidents, ensuring lessons learned are incorporated into future risk management strategies.
Compliance and Standards:
- Ensure that the organization complies with relevant regulatory requirements and industry standards related to technical risk management.
- Stay informed about changes in regulations and standards, adjusting risk management processes accordingly.
- Facilitate deployment and maintenance of Technology risk and controls model with assigned Technology teams using globally known and industry standard models (e.g., COBIT5, OCTAVE, FAIR, NIST, ISO) as references.
- Manage and provide leadership on all key information security processes and procedures.
Communication and Reporting:
- Communicate technical risk information to both technical and non-technical stakeholders, including executives and board members.
- Provide regular reports on the status of technical risks, mitigation efforts, and key performance indicators to demonstrate the effectiveness of risk management strategies.
- Direct the activities of project managers and project teams to ensure quality and timeliness of project completion.
- Development of project business cases, charters, plans and execution approach.
- Proven strong stakeholder engagement and management capabilities.
Training and Awareness:
- Develop and deliver training programs to enhance the awareness and understanding of technical risks among employees.
- Foster a culture of security awareness and responsibility throughout the organization.
Vendor Risk Management:
- Evaluate and manage risks associated with third-party vendors and partners, ensuring they meet the organization's security standards.
Act as the change agent in the identification and execution of initiatives:
- Develop and implement strategies to protect the company’s cyber security. Including firewalls, security software, data encryption tools, safety protocols, etc.
Qualifications:
- Total work experience of 6+ years with a minimum of 3 years in relevant field of work.
- Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software development practices and frameworks, Products and operations, Access and identity management, application security, assurance programs, or a related field.
- Proven experience in technical risk management, information security, or a related role.
- Industry Relevant Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), CPA, CIA, AWS, CIPP, CBCP, CRM or equivalent are highly desirable.
- Strong understanding of technology, information security principles, and risk management frameworks.
- Excellent analytical, communication, and interpersonal skills.
- Ability to work collaboratively with cross-functional teams and stakeholders.
- Knowledge of widely known Enterprise Architecture frameworks like TOGAF, SABSA, etc..
- Project Management Certification (PRINCE II, PMP, Agile or otherwise) and be an outcome focussed self-starter.
- Current knowledge of best practice IT controls, risk management techniques, ISO27001, SOC1/2/3 SSAE18, CSA Star (CCM), PCI DSS and familiarity with GRC tools.
- Hands-on product experience on Qualys Enterprise Tru-Risk Platform and similar leading security automation products with broad market presence shall be added advantage.
What We Do
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com