
Title: GRC Analyst

Location: Bangalore, Karnataka, IN, 560071

Requisition ID: 127089

Job Summary

The GRC Analyst – Third Party Risk Management will facilitate the review of third-party suppliers to ensure that they can adequately protect NetApp’s data and meet required disaster recovery expectations, guiding the organization towards continuous compliance with ISO27001, DFARS/NIST 800-171, GDPR, and DORA framework guidelines. The analyst will work with the overall Security GRC team and internal business units to identify risks in third-party relationships, both at the time of onboarding and throughout the relationship, to support organizational objectives. The analyst will be responsible for all aspects of the third-party lifecycle, including internal risk assessments, evidence review, reporting, continuous monitoring, and incident response.

 

Job Requirements

•    Ensures third parties are tracked and reviewed according to security standards within expected timelines 
•    Performs security reviews and identifies security gaps, resulting in remediations for the organization
•    Engages with technical and business process owners to understand third party relationships and the services they will be providing to  
•    Reviews Master Service Agreements, End User Licensing Agreements and other contractual documents for appropriate security language as necessary 
•    Identifies security and continuity risks with third party relationships and escalates as appropriate to business and risk stakeholders 
•    Develops process documentation for completing third party reviews and assessments
•    Defines and delivers appropriate GRC metrics, analytics, and scorecards; creates a monthly metric report
•    Identifies opportunities for process automation through the use of analytics
•    Interacts in both oral and written communications with all levels of technical and executive staff in matters related to third party security and continuity 
•    Works with Internal Audit and outside consultants as appropriate on required assessments and audits 
•    Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., DORA, GDPR, DFARS/NIST 800-171, ISO27001) or the risk register, risk exposure, risk reporting and handling of risk events.
•    Excellent written and verbal communication skills. 
•    Strong analytical and problem-solving skills. 
•    Project management skills to plan, execute, and monitor initiatives.
•    The ability to work well with people from many different disciplines with varying degrees of technical experience. 
•    Ability to stay current with emerging threats and industry trends to improve the organization’s third-party risk management posture
•    Information security related training or certifications such as CISA, CISSP, or CRISC  
•    Experience performing information security audits or risk assessments
•    Familiarity with Third Party Risk management processes

 

Preferred Qualifications

  • BTech in Computer Science or a related field is required, with a minimum of 5-9 years of related experience, of which at least 7 years of experience in business process analysis is required and a minimum of 2 years of GRC (governance, risk, compliance) experience with methodologies, activities, tools, and enablers in a technology-related industry is required


Job Segment: Compliance, Internal Audit, Risk Management, Business Process, Information Security, Legal, Finance, Management, Technology
