Jobbeschreibung:

\\r\\nPosition \\r\\nSr GRC Analyst (Experience 5-8 years)\\r\\n\\r\\nRoles and Responsibilities\\r\\n Perform vendor risk assessments against all security domains\\r\\n\\r\\n \\r\\n Perform technical implementation assessments from a security perspective related to\\r\\n vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at PANW\\r\\n\\r\\n Maintain and expand Customer Trust knowledge base\\r\\n\\r\\n Support PANW customer security assessment requests\\r\\n\\r\\n Support PANW customer audits \\r\\n\\r\\n \\r\\nJob Skill Requirement \\r\\n \\r\\n Excellent understanding and practical application of industry security frameworks including\\r\\n SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.\\r\\n\\r\\n Great understanding of IT control frameworks (COBIT) and IT general controls\\r\\n\\r\\n Strong knowledge of information security concepts, risk and controls concepts \\r\\n\\r\\n Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2),\\r\\n PCI DSS, etc. \\r\\n\\r\\n Strong knowledge of security control domains such as Asset Management, Configuration\\r\\n Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.\\r\\n\\r\\n Proficiency in a wide spectrum of technical security controls encompassing logical access\\r\\n control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies.\\r\\n \\r\\n Expert in conducting Vendor risk assessments and understand risk exposure of technology\\r\\n deficiencies and translating them to business impact\\r\\n \\r\\n Strong domain experience in security risk assessments\\r\\n \\r\\n Working knowledge of risk treatment and exception processes\\r\\n\\r\\n Strong knowledge of Security architecture design and review including key security controls\\r\\n related to authorization, authentication, and encryption of data in transit/at rest \\r\\n \\r\\n Ability to configure and/or maintain 3rd party customer audit management tools (such\\r\\n as OneTrust Compliance Automation or a similar tool ) for automated evidence collection to support customer audits is a plus\\r\\n \\r\\n Ability to configure and/or maintain 3rd party vendor risk management tools (such as\\r\\n OneTrust vendor assessment or a similar tool ) for third party risk assessments is a plus\\r\\n \\r\\n One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and\\r\\n Lead Implementer\\r\\n \\r\\n Open to learning and working on new domains and technology\\r\\n \\r\\n Good written and spoken communications skills to explain and articulate technical concepts\\r\\n effectively to stakeholders including system engineers, and auditors\\r\\n \\r\\n Strong attention to detail and diligence\\r\\n \\r\\nQualification Bachelor s Degree in Technology or Risk Management\\r\\nCISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred\\r\\n\\r\\n

• To clearly understand the client's cybersecurity environment and respective product.
• To monitor, configure, and troubleshoot cybersecurity issues and related monitoring tools
• To analyse and validate cybersecurity incidents in-detail and help the L3 team with RCA/data or logs collection
• To enable knowledge transfer/trainings through creation/ maintenance of configuration documents, test plans, operational manuals and provide operational training to L1 team.
• To analyse and fine-tune cybersecurity policies, participate in cybersecurity review calls pertaining to change requests & recommendations on cybersecurity policy changes.
• To implement changes, monitor security device performance and implements pe