IT Risk Analyst
Dentons
- Madrid
- Permanent
- Full-time
- Conduct risk assessments of the company's IT systems, processes, and data; analyze the efficiency of existing security controls; and identify vulnerabilities and gaps in risk treatments.
- Respond to customer information security questionnaires and provide evidence of the company's security posture and compliance.
- Review the information security provisions of client and supplier agreements and ensure compliance with policies and regulations.
- Perform third-party supplier risk assessments and ensure that they meet the company's security standards and contractual obligations.
- Develop and update security policies, procedures, and guidelines and ensure they align with the company's objectives, clients, and regulatory requirements.
- Provide security awareness and training to the company's staff and stakeholders.
- Monitor and report on the company's security performance and compliance status and recommend corrective actions and improvements.
- Maintain documentation of compliance activities, including policies, procedures, risk assessments, and audit reports.
- Assist with internal and external assessments and audits to ensure compliance with client requirements and industry-specific regulations such as GDPR and SOX.
- Provide guidance and support to business practices on information security-related matters, including data classification, access control, etc.
- Research and stay updated on the latest laws and regulations, security trends, threats, and best practices.
- At least two years of experience in an IT risk management, audit, or compliance-focused role in information security.
- Knowledge of security frameworks, standards, and regulations, such as ISO 27001, NIST, GDPR, and SOX.
- Knowledge of one or more risk management frameworks; knowledge of quantified risk management frameworks is preferred.
- Understanding of information security principles and practices, and proficiency in information security tools and techniques, with the ability to identify and mitigate security risks.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and interpersonal skills, and the ability to convey complex information security and risk concepts to non-technical audiences.
- Ability to work independently and collaboratively in a challenging, fast-paced, and dynamic environment.
- Certifications such as CISSP, CISA, CRISC are a plus, but not required.