Sr. Analyst Information Security

MAIN DUTIES:

In the Sr. Information Security Analyst role, you will help ensure that Welocalize’s Information Security Management System is documented, adequately maintained and continuously developed in parallel with the company’s strategies and ongoing developments in the world of Information Security.

You will create awareness of Information Security and mobilize the organization in the development and implementation of Information Security policies and programs. You will also facilitate the company’s approach to Risk Assessment and mitigation in line with international best practice in this area.

The following is a non-exhaustive list of responsibilities and areas of ownership for this role:

Responsibilities:

- Manage the documentation, implementation, monitoring and enforcement of Welocalize’s information security policies, standards and control processes 

- Managing an active employee security awareness training program

- Implement and manage ongoing internal auditing of Info Security policy and key controls within the business 

- Provide consultation services to business units and recommends methods to mitigate security risks

- Investigate breaches of security controls, and implement additional compensating controls when necessary 

- Manage security incidents and recommend escalation and remediation steps 

- Proactive awareness of laws and regulations that could affect the security controls and classification requirements of Welocalize’s information assets 

Major Focus: 

- Driving and ensuring compliance with Welocalize’s ISMS on a global basis

 - Assist the business units’ sales activities by compiling content for and coordinating responses to strategic RFPs and security questionnaires 

 - Working with Senior Director of Quality Strategy and VP Supply Chain to validate supplier information security requirements and ensure alignment with Welocalize security strategies

- Coordinate Welocalize’s internal security audit program and ensure that audits are scheduled, resourced and carried out in accordance with our InfoSec ISO obligations 

- Conducting annual Risk Assessments, using an agreed methodology, to satisfy our customer security requirements and obligations.

REQUIREMENTS

• Experience Required (Minimum 3-5 years) 
• Familiarity with information security management to ISO 2700x standards 
• Support sales and operations as an information security subject-matter expert  
• Information security risk assessment and gap analysis experience 
• Strong technical leaning and ability to effectively relate to technical people including IT/IS & software development 
• Delivering security documentation and policies 


• Education Level BS (or equivalent) in Business, IT, Management of Info Systems 
•   Information Security Management Certification (i.e. ISO 27001, CISM, CIPM, etc.) preferred 
• IT Engineering background a plus 


• Specific Competences Required 


• Drive/impact 
• Persuasive communication 
• Relationship building 
• Process development 
• Knowledge management 
• Risk analysis 
• Accuracy & follow-up