Senior Security Risk Analyst

Senior Security Risk Analyst
Chennai, India or Bangalore, India
 

The Opportunity:

Anthology offers the largest EdTech ecosystem on a global scale, supporting over 150 million users in 80 countries. Our mission is to provide dynamic, data-informed experiences to the global education community so that learners and educators can achieve their goals.

We believe in the power of a truly diverse and inclusive workforce. As we expand globally, we are committed to making diversity, inclusion, and belonging a foundational part of not only our hiring practices but who we are as a company.

For more information about Anthology and our career opportunities, please visit www.anthology.com.

Anthology’s Information Technology Security Program leads the engineering and operation of technology to monitor and enhance confidentiality, integrity, and availability of all corporate information systems and products. This team is a core part of Anthology, providing it substantial opportunities to influence the overall corporate mission.

As Senior Security Risk Analyst, you are part of Information Security team and will report to the Senior Manager, Internal Audit and Risk Management. The Governance, Risk & Compliance team and higher-level Information Security team provides services to all corporate departments, including, but not limited to, Business Architecture, Corporate IT, Privacy, Program/Project Management, Product Development, and Legal.

Primary responsibilities will include:

• Owning the development and continued maturation of Anthology’s security and privacy risk management program
• Reviewing and evaluating Anthology’s corporate and product security and privacy risks by assessing the effectiveness and adequacy of internal management controls, and recommending control enhancements
• Performing assessments of new programs and projects to determine the information security risk(s) and determine the applicable/reasonable security controls that need to be implemented to mitigate the risk(s)
• Providing guidance and advice to business stakeholders to realize ‘security by design’ by validating requirements prior to Go-Live
  • This includes defining any remaining risks, validating them with business stakeholders, recommending mitigations, registering them, and following up on remediation progress
• Executing structured risk assessments of key applications with focus on compliance with company policies, frameworks, and standards (e.g., CIS, ISO27001, ISO27701, ISO27017, ISO27018, NIST 800 series, SOC2)
• Executing risk assessments on processes or specific issues and defining risks with proposed mitigation actions
• Conducting vendor risk assessments and reviewing process for improvements
• Driving compliance to policies and standards while providing transparency of compliance status
• Creating security awareness and educating internal stakeholders on risk management methodology
• Keeping up with relevant international legislation, emerging threats, forecasts, policies, risk management developments and benchmarks
• Aligning with other security risk management teams and related functions including Corporate IT, our data privacy office, and internal audit

The Candidate:

Required skills/qualifications:

• Minimum of 5 years of relevant experience in information security risk management, particularly around assessments/audits
• Knowledge of and experience with security standards and frameworks such as ISO, NIST, CIS, etc.
• Experience with translation of IT threats and vulnerabilities to business risks
• Experience in a global organization with the proven ability to navigate complex, international work environments
• Fluency in written and spoken English
• Effective project management skills
• Experience with cloud technologies (e.g., AWS, Azure)

Preferred skills/qualifications:

• Experience in a global organization with the proven ability to navigate complex, international work environments
• Experience using the Center for Internet Security’s Risk Assessment Methodology (CIS-RAM)
• Relevant industry certifications (e.g., CRISC, CISM, CISA, CISSP, CCSP)
• Experience working with project management tools
• Experience documenting security-related policies or procedures
• Ability to pick up on new technologies and skills quickly

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time. 

Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.