Role Overview
Reporting directly to the Head of Cyber Risk & Assurance, you will play a key role in ensuring adherence to security standards across the region.
The role’s core function is to support the goals of the CRA team by managing non-compliance issues related to security policies, handling control assurance activities, and delivering insights and updates to various governance boards.
A strong foundation in information security and experience collaborating with business units are essential, as this role involves independently addressing CRA objectives, identifying risk factors in critical controls, and actively promoting awareness of security measures and practices.
The analyst will leverage their technical and analytical expertise to manage regional cyber responses and create reliable management reports reflecting security status. Additionally, they’ll work closely with global teams to suggest process improvements, such as automation opportunities, to streamline and standardize security practices across regions.
Key Responsibilities
- Oversee regional Security Issues and Policy Exceptions, coordinating with technical teams and issue owners.
- Advise business units on InfoSec practices to strengthen overall security.
- Develop security posture insights at the country level.
- Contribute to regional reporting for governance forums.
- Support assurance initiatives focused on key controls, particularly around Identity & Access Management, and assess and mitigate associated risks.
- Build and sustain business relationships to increase awareness of security postures.
- Collaborate with the Global Cyber Risk & Assurance team for additional support as needed.
Skills and Experience
Qualifications
- 2–5 years of experience in cybersecurity or technology risk management.
- Familiarity with key information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST).
- Understanding of risk management methodologies and principles.
- Proficiency in Microsoft Office and other essential business software.
- Strong organizational, time management, and multi-tasking abilities.
- Excellent interpersonal, written, and verbal communication skills.
Educational Background and Certifications
- Pursuing or completed at least two years in a degree program (Associate's, Bachelor's, or Master's) in Information Technology, Information Security, or a related STEM field, with a projected grade of at least 2:1.
- Relevant coursework or certification interests (e.g., CompTIA, CISA, CRISC, CGEIT, GSEC, CISSP) in information security, ethical hacking, or computer forensics are advantageous.