Senior Cybersecurity Risk Analyst (Pune/Remote)

IT | Pune (IN)

As an analyst in the Cybersecurity organization, you will be an important individual contributor to the 2nd Line of Defense, focused on cybersecurity program reporting for the MINDBODY organization. In this role, you will support the management and reporting of cyber risk through various programs, including: vulnerability management, policy and standards, phishing campaigns, third party / vendor risk, security awareness, customer security questionnaires, internal risk assessments and compliance management.

 

MINIMUM QUALIFICATIONS AND REQUIREMENTS:

• Bachelor’s degree in Computer Science or equivalent

• 4+ years’ related IT Risk or cybersecurity experience

• Familiarity with CIS 20, PCI, HITRUST, GDPR, HIPAA, ISO, NIST, SOC1/2, SOX

• Strong analytical and critical thinking skills

• Process-oriented and well organized

• Ability to follow standard procedures and recognize the need for occasional deviation from guidelines

• Capacity to manage workload by applying an understanding of team priorities ensuring optimal use of available time and resources

• Can clearly and concisely express ideas and disseminate information

• Ability to recognize opportunities to provide good customer service and demonstrate courtesy in all interactions

• Has established skills to perform a range of day-to-day and routine activities; acquires job skills needed for more difficult and varied assignments

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Accountable to MINDBODY business units for coordinating outbound customer security questionnaires in a timely manner

• Support MINDBODY’s Third Party Risk program by conducting ongoing analysis, reporting and facilitation of third-party risk analysis questionnaires

• Coordinate internal cybersecurity risk assessments, security compliance audits and cybersecurity audits

 

• Monitor and manage cybersecurity risk/exception registers and escalations to ensure that risks are accurately identified, recorded and actively managed

• Report to management on IT system vulnerability and protection treatments

• Clearly document and define cybersecurity risks and potential impacts of such an event and identify systems affected by the defined risk

• Direct data collection and visual reporting for cybersecurity and IT Risk programs

• Coordinate self-assessments and report on findings

• Propose and gather metrics to track progress and measure effectiveness of IT Risk approach

• Meet with stakeholders to identify people, process and technology components required to develop impact assessment, requirements and implementation plans for mitigation projects

• Help prepare communication, training and related materials

• Perform gap analysis over existing and new cyber security laws and correlate the result with our security doctrine coverage

• All other duties as assigned