Regatta Solutions Inc. is looking for a Cyber Security Assessment Analyst conducts and supports the cyber security controls risk assessment and management process across all our suppliers. Responsibilities include assessing the suppliers current adequacy of the security controls & strategy, business continuity /disaster recovery plans, threats to the systems, and then calculating the impact of potential adverse events. Audits and assessments must be continual, as the threat profiles change constantly.
The Analyst will keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect supplier and customer systems
Roles and Responsibility
- Demonstrate strong knowledge in IT controls, risk assessments, and assessment of security measures
- Identify opportunities to continuously innovate and improve the program and value delivered to organization
- Ensure successful completion of the annual supplier cyber security assessments
- Independently and proactively plans and performs assigned audit engagements related to security, confidentiality, integrity, information protection and availability of data
- Conduct cyber security assessments & evaluate in alignment to the supplier security control framework
- Ensure effectiveness of approved controls and drive risk remediations or changes from previous audit for existing certified suppliers
- Inform and advise business leaders on supplier’s information security risks
- Provide subject matter expertise in third-party risk management.
- Proactively research and work in enhancing improvements to our existing process related to documentation and security assessments.
- Automate security assessment processes & tools to review the security controls for cloud-based applications
- Ability to multi-task and manage multiple global projects at the same time.
- Ability to work collaboratively across diverse team in a matrix type organization
Education and Requirements
- Bachelor’s degree in Science & Engineering or technical discipline is required .
- 7 years of information security & assessment experience with increased responsibilities
- In-depth knowledge of security assessment/audit principles
- Understanding of networking principles and data protection
- Ability to identify problems, analyze data and present conclusions
- Strong verbal, written and presentations skills
- Knowledge of information security frameworks such as ISO 27001 /NIST CSF is preferred
- CISA, CISSP, CISM, certifications are preferred
- Excellent communication skills.
- Able to work as part of a virtual global team with cultural, language, and time zone differences.
- Able to deal with ambiguity and work independently with minimal supervision/guidance.