(Global Petroleum Gas) Cybersecurity Risk Analyst

• Conduct comprehensive risk-based security assessments to gather risk specific information about IT solutions/systems and generate security assessment reports.
  
• Communicate the identified IT cyber risks with all IT risk owners and ensure a risk remediation plan is received.
  
• Develop and manage methods to monitor and measure IT cyber risks states.
  
• Perform security analysis and reviews to gaps discovered by different security control assessments to assess the criticality level and identify the risk remediation prioritization.
  
• Perform risk analysis (e.g., threats, vulnerability, and probability of occurrence) whenever an IT solution undergo a major change.
  
• Work as a security control assessor to ensure cyber risks identified, analyzed and managed during the IT solutions deployment lifecycle.
  
• Conduct security authorization reviews for IT production deployments of new IT solutions and networks.
  
• Use innovative data analysis methodologies and tools to identify the assets to be assessed and analyze the available evidence
  
• Participate in key IT projects to provide security-related consultations and necessary assessments.
  

Requirements

• Highly experienced in performing risk-based cybersecurity analysis and evaluations, specifically for IT solutions.
  
• Experienced and very knowledgeable of internal or external IT-related audit assessments, and/or cybersecurity compliance assessments.
  
• Experienced in evaluating the effectiveness of existing security controls and thoroughly able to identify, analyze and manage risks.
  
• Strongly skilled in developing various IT risk scenarios to effectively quantify identified risks.
  
• Ability to effectively develop and communicate recommendations based on various security control assessment results to provide different means to minimize risks, such as risk criticality rating, prioritization of risk remediation.
  
• Detail oriented with ability to examine and evaluate security controls and issues resulted from different security assessments and/or IT solutions deployment lifecycle to determine cyber risks and provide recommendations.
  
• Exhibit a continuous learning mindset for security education & awareness
  
• Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal management and other groups involved in technology control assessments.
  
• Preferred to be proficient in eGRC solutions.
  
• Proficient in MS Office - Microsoft Word, Excel, and PowerPoint. Quickly adapt to new tools and software applications.
  
• Basic project management skills.
  
• Education
  
• Minimum Bachelors degree, preferably in Cybersecurity (Information Assurance), Computer Science, or Information Technology.
  
• Other Certifications/Credentials
  
• CRISC or equivalent industry-recognized risk and information assurance certification required.