Information Risk Assessment
Ref No.: 19-00831
Location: Metro Manila, Metropolitan Manila
Position Summary:
The Information Risk Analyst is responsible for performing third-party risk assessments of Information Security controls to identify significant risks to the organization, identify potential solutions, and drive stakeholders to implement the solutions. The individual will be responsible for following documented processes, working with internal stakeholders to enhance existing processes, tracking remediation of findings, and reporting. The individual will also be responsible for working with internal stakeholders to document any instance of noncompliance with DTCC Policies, recommend remediation, and track remediation to closure.

Principal Responsibilities:
• Participate in and influence third-party risk assessment process improvement, and document the overall process and improvements
• Perform third-party risk assessments to identify technology risks
• Partner with the business and technology to agree on cybersecurity risk findings identified through the third-party risk assessment
• Provide risk finding recommendations that the business and Third Party Suppliers may implement to mitigate identified finding gaps
• Partner with the Third Party Risk team to ensure that risk findings are clearly articulated in a manner that is understood by the business and the Third Party Suppliers
• Evaluate vendor responses to ensure that remediation plans and tasks adequately address identified control gaps
• Build all needed documentation for the third-party risk assessment and remediation processes
• Assist with assessing internal noncompliance with policies
• Recommend remediation plans to stakeholders and track them to closure
• Participate in and influence process improvements
• Assist the business and technology groups through the DTCC processes
• Develop and operationalize reports to meet stakeholder requirements (e.g. Senior management reports, detailed reports etc.)
• 2 - 4 years of experience in Information security risk assessments
• 2 - 4 years of risk assessment experience in Third party risk management area
• Proficiency with Information Risk Management best practices

Knowledge and Skills Required:

• Proven ability to execute vendor Third party risk assessment programs
• Experience interfacing with other internal or external organizations regarding risk and compliance findings
• Proven knowledge of security methodologies, policies, standards and best practices
• Proven knowledge of information technology systems, infrastructure and operations and how they affect an organization's cybersecurity risk

• Ability to explain and articulate technical concepts using both technical and non-technical language
• Technical documentation writing skills
• Critical thinking and analytical skills
• Excellent skills in office tools (MS Word, PowerPoint, Excel and Visio)
• Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives
• Strong oral and written communication skills
• Excellent organizational skills, coupled with ability to be versatile and flexible
• Sound business judgment and the ability to work successfully with all levels of management
• Excellent grammar and style skills; ability to adapt writing style for different audiences and media

Education, Training and Certification:
• Bachelor's degree preferred
• CISSP/CISM/CRISC certification preferred