Cyber Risk and Assurance Associate Director

Recruiter: IHS Markit
Location: Noida, Uttar Pradesh, India
Salary: Competitive salary
Posted: 21 Oct 2020
Closes: 22 Oct 2020
Ref: R17400
Sector: Digital
Experience level: Director

Summary:

The Operational Assurance and Compliance (OAC) team provides oversight, support and monitoring to address risk and meet regulatory, contractual and best practice requirements. OAC is part of the Global InfoSec team. This position requires an understanding of cybersecurity and IT from both a business and technical perspective, and operational experience working in some or all of these areas. The successful candidate will work with various teams within IT, InfoSec, Sales, Product and Response Management.

This position is responsible, along with other team members, for assessing risk and control activities related to our various cloud environments, specifically AWS cloud native and VMC. Accountable for assisting in the design of the controls, mapping and assessing VMC and AWS controls, providing documentation for client assessments and due diligence, and operational compliance. Provide guidance to control owners in control design and identify gaps and ineffective control implementation. Support internal customers as they transition to AWS and VMC, ensuring their understanding of their controls and what is required to maintain a controlled environment. Define compliance report requirements, interpret and analyze report results and manage control remediations. Identify controls for automation and develop and implement the automation. The successful candidate must have the ability to grow and develop the role to align with our changing environment and technical landscape.

Specific Job Duties:
  • Develop processes to test controls, identifying gaps and tracking items to resolution.
  • Manage the performance of operational assurance and control testing in areas of cybersecurity and IT related security areas.
  • Present the gap analyses from the results of assessing risk to the various groups and facilitate the development of remediation plans and resolutions.
  • Monitor the work with stakeholders and staff to maintain the remediation plans and produce periodic status and compliance reports.
  • Partner with the Response Management team in responding to customer risk assessments and questionnaires regarding cloud environments, including speaking with customers directly when appropriate.
  • Develop relationships with various technical teams in building consistent and accurate cloud responses for the Response Management team.
  • Ensure the associated teams are timely and accurate in managing the completion of the action items raised during risk assessments and audits.
  • Ensure consistent cybersecurity content that can be utilized across customers and products and address relevant gaps.
  • Support product teams in understanding and executing controls in preparation to move to the Cloud or VMC.
  • Identify controls for automation and implement the automation.
  • Define compliance report requirements, interpret and analyze to create dashboards.
  • Work closely with other Cyber Security team members in developing a product and enterprise risk profile by product lines and technical services offerings.


Required Experience/Education:
  • Bachelor's degree, or equivalent prior work experience, at a minimum of 10 years.
  • General knowledge and work experience within Information Security, risk, vulnerability and IT.
  • Demonstrated experience with Cloud/VMC control environments preferred.
  • Cross organization experience required.
  • Understanding of SOC Compliance and other industry control frameworks.
  • Relevant certifications (CISA, CRISC, CISSP, CISM, etc.) a plus.


Required Skills:
  • Demonstrate experience working in a continuously evolving and transforming environment.
  • Good interpersonal skills and ability to work across various organizations and levels.
  • May be required to accommodate US work hours.
  • Experience working remotely from other team members.
  • Working knowledge and understanding of a shared services model.
  • Process oriented with exceptional organizational skills.
  • Must be able to work effectively in a matrix organization and foster team cooperation.
  • Ability to work effectively, directly and indirectly managing colleagues.
  • Desire to learn about and stay current with a complex and rapidly changing environment.
  • Problem-solving skills, creative and collaborative in finding solutions related to complex and multilayered problems.
  • Critical thinking with the ability to use logic and reasoning to identify strengths and weaknesses of alternative solutions, conclusions or approaches.
  • Ability to work in a geographically dispersed team and independently with minimum supervision.
  • Attention to detail.
  • O365 and Microsoft Office Suite, particularly Excel & SharePoint/Teams.


Travel: Less than 20% travel may be required.

Inclusion and diversity are critical to the success of IHS Markit, and we actively encourage applications from people of all backgrounds. We are committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, status as a protected veteran, or any other protected category. For more information on the many ways in which we enthusiastically support inclusion and diversity efforts for both candidates and employees, please access our Inclusion & Diversity Statement.

We are proud to provide reasonable accommodations to applicants with disabilities. If you are interested in applying for employment with IHS Markit and need special assistance or an accommodation to use our website or to apply for a position, please contact or call +1 212 849 0399. Requests for reasonable accommodation are considered on a case-by-case basis. This contact information (email and phone) is intended for application assistance and accommodation requests only. We are unable to accept resumes or provide information about application status through the phone number or email address above. Resumes are only accepted through the online application process, and only qualified candidates will receive consideration and follow-up.

IHS Markit maintains a substance-free workplace; employees may be asked to submit to a drug test (where permitted by law). In addition, as a federal contractor in the United States, the company participates in the E-Verify Program to confirm eligibility to work.


Current Colleagues

If you are currently employed by IHS Markit, please apply internally via the Workday internal careers site.
