Information Security Analyst

Key responsibilities:
•    Conduct risk assessment activities of third-party vendors, including evaluating their security practices, compliance with regulatory requirements, and overall security risk profile. 
•    Prepare gap analysis for the third-party security posture and assist with the remediation plan recommendations, follow up and tracking of those plans through completion.
•    Develop a thorough understanding of the Third party risk assessment process and act as the Primary point of contact with the business to support new supplier Onboarding. 
•    Work with various internal teams such as Procurement, Legal, Finance, etc. to ensure the internal alignment and completion of prerequisites. 
•    Review the security terms of contracts, prepare final risk assessment reports for third-party vendors, provide advice on remediation plans to mitigate the control gaps identified, follow up with the business on the implementation of remediation plans, conduct risk reassessment activities of third-party vendors when needed.
•    Work on a team within the Information Technology organization focusing on compliance programs, processes, initiatives and acting as a point of contact and collaborating with other organization units within the company in these matters. 
•    Respond to requests for information to support audit, regulatory, and technology standards reviews.
•    Respond to security questionnaires and analyze client contracts to ensure information security and compliance objectives have been adequately addressed.  
•    Prepare and present reports on a regular basis, and as directed or requested, to keep the team informed of the operation and progress of compliance efforts.
•    Develop a clear understanding and working knowledge of Tranzact internal processes, including the organizations’ internal controls.  Organize data and other key information to assist with improved organizational efficiencies. 
•    Develop proficiency in the laws and regulations pertaining to our Industry.

 

The Requirements:
•    Degree in a relevant Information Technology area preferably with a focus on information security.
•    A minimum of 4 years of professional work experience in Information Security conducting information security assessments of third-parties, mitigation activities and monitoring third-party security risks.
•    Proven knowledge of cybersecurity frameworks and standards (NIST 800-53, COBIT, SOX, ISO 27001/27002), risk assessment methodologies and controls assurance techniques.
•    Basic knowledge of Cybersecurity and Information Technology principles.
•    Strong verbal and written communication skills, interpersonal collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences across various levels.
•    Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively Capable of delivering results through a position of influence, not authority. Take personal initiative and is a positive example for others to emulate.
•    Ability to work independently and as part of a team. 
•    Excellent communication skills, with the ability to interact with the business and technical teams.
•    Proven proficiency in English language (written and verbal).
•    Industry certifications such as CRISC, CISM, CISA or CISSP are desirable.
•    Knowledge of Archer GRC Tool is desirable.
 

At TRANZACT we promote inclusion and job insertion without distinction based on disability, gender, orientation, gender identity and expression, place of origin or any other reason protected by national legislation. The company respects diversity and does not tolerate acts of discrimination in its processes.

As a company, we believe in equal opportunities and inclusion. Consequently, this job opening is applicable to people with disabilities (in accordance with what is stated in Law No. 29973).