Role: Information Security Analyst / GRC Specialist / Compliance Officer

Experience: At least 1-year relevant experience

Skills: Experience in performing Internal ISMS, BCMS audits, knowledge of BCP, BIA, Risk assessment, understanding of ITGC controls, knowledge of data privacy/GDPR, PCI DSS, HIPPA, SOC 1 & 2 audits, good communication and interpersonal skills, and knowledge of hardening.

Location: Muntinlupa, Philippines

We at Coforge are hiring Information Security Analyst / GRC Specialist with the following skillset:

• Implementation and monitoring the organization's information security policies and procedures (ISO 27001).

• Thorough knowledge of SSAE 18 and able to manage organizations certification of SSAE 18.

• Monitors compliance with the organization's security policies and procedures among employees, contractors, alliances and other third parties and takes corrective action.

• Plans and conducts internal audits for ISO 27001, ISO 22301, PCI, HIPAA, SOC/SSAE compliance verification.

• Performs information security risk analysis and periodic information system activity reviews for information security processes.

• Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.

• Initiates, facilitates and promotes activities to foster information security awareness within the organization.

• Facilitates third party and client security audits and track actionable to closure.

• Implements, monitor & govern the organizations policies and procedures on business continuity ISO 22301.

• Coordinates the development of the organizations disaster recovery and business continuity plans for information systems and tests readiness.

• Assists in implementation of data access security measures by identifying, analyzing and resolving security and system problems relating to data access security, applications, programs and functions.

• Recommends improvements and upgrades to the security posture of the organization, such as evaluation of new software/hardware required to meet a business need or designing scripted/automated solutions to make a process more efficient.

• Maintain organizations certification of ISO 22301 standard & Periodic audits as per ISO 22301 requirements.

• Maintain and develop BCM policy, procedures of the organization.

• Monitor events that can lead to crisis situation and manage incidents.

• Coordinate with functional teams to understand business continuity requirements/dependencies.

• Assist in performing business impact analysis (‘BIA’) for all processes and seek sign off from respective stakeholders.

• Prepare BCP documents for new clients & maintain and review existing ones periodically.

• Work with operations and other stakeholder and ensure BCP is implemented as per plan

• Track all BCM related documents and ensure that they are reviewed and approved before the timelines.

• Assist in handling information security and business continuity incident management and reporting.

• Assist business to prepare and review business continuity document and business impact document.

• Assist business to conduct business continuity test (table top, actual movement, call tree etc.) On a periodic basis.

• Maintain all evidence related to BCM e.g. Fire drill reports, awareness reports, prepare & publish BCM mailers, test and maintenance reports of BCP related critical equipment’s etc.).

• Provide support to business transition team for business continuity requirements for the new projects.

Please refer to job description.