Senior Information Security Risk Analyst

1 Month ago • 3 Years + • Cyber Security

Job Summary

Job Description

The Risk Analyst will operate within the governance, risk & compliance (GRC) service of Jumio's security function. This role involves identifying, analyzing, and influencing the management of information risks across the organization. Responsibilities include conducting information security risk assessments for internal processes, applications, and software solutions; identifying opportunities for risk posture improvement and developing remediation solutions; tracking risks in the information security risk register; collaborating with various internal departments such as Engineering, HR, IT, Finance, Sales, Privacy, and Legal; evaluating and managing security exception requests; and supporting third-party vendor risk management. The role also entails supporting GRC activities within the Information Security Management System (ISMS), maintaining certifications like SOC2, ISO 27001, and PCI DSS, managing the GRC platform, supporting security compliance monitoring, and contributing to security awareness training. The analyst will stay updated with cybersecurity trends and emerging threats to provide proactive risk mitigation recommendations.
Must have:
  • Manage GRC solutions (e.g., Eramba)
  • Manage 3rd party vendor assurance tools
  • Support fast-paced GRC capabilities
  • Assess risk severity and impact
  • Communicate risk findings effectively
  • Strong decision-making skills
  • Ability to influence others
  • Strong communication skills
  • Understanding of business needs
  • Excellent prioritization skills
  • Ability to multitask
  • Work in a fast-paced environment
  • Passion and energy for the subject
  • Desire to learn
  • Willingness to embrace change
  • Positive energy and outcome-driven
  • Adaptable and flexible
  • Fast learner with structured approach
  • High IQ and EQ
  • Excellent analytical and communication skills
Good to have:
  • 3+ years in information security/risk analysis
  • 3+ years in Security Risk Management or IT Audit
  • 3+ years with regulatory compliance (SOC2, ISO 27000, PCI DSS)
  • CISSP, CISM, or CISA certification
  • BS or MA in Business, Computer Science, Information Security, or related field

Job Details

Role Purpose: 

The  Risk Analyst operates within the governance, risk & compliance service provided by the Jumio security function. 

The Risk Analyst will be responsible for identifying, analyzing, and influencing the management of information risks across the organization. 

Role Value: 

The role holder reports into the GRC Lead and they need to positively influence other members of the security team as well as other departments across Jumio. 

Responsibilities:

The key responsibilities of the role  are as follows: 

Information Security Risk Management 

  • Conducts information security risk assessments of internal processes,applications and software solutions.
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  • Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register.
  • Collaborates with internal stakeholders (Engineering , HR , Machine Learning , IT , Finance , Sales, Privacy,Legal, etc.) as part of the risk management program.
  • Participates in ad-hoc, non-systematic risk assessment requests.
  • Evaluates and manages security exception requests, ensuring compliance with security standards and mitigating associated risks.
  • Prepares security exception risk profile and reports to relevant stakeholders.

Third Party Risk Management

  • You support the delivery of vendor risk management and security assurance services, for high-speed business initiatives.  You perform focused risks assessments of existing or new services and technologies.
  • Identify and collaborate with internal groups with outsourcing and vendor oversight responsibilities to reduce duplication of effort and ensure overall compliance with the program.

Governance Risk & Compliance

  • You support governance risk and compliance activities within the ISMS
  • Supporting the ongoing maintenance of independent security certification activities for SOC2, ISO 27001 and PCI DSS. 
  • You support the management and high-quality output from the GRC Platform.
  • You support our security compliance monitoring model. 
  • You support the maintenance of security KPI metrics and reporting regularly. 
  • You support the delivery of security awareness training and knowledge to all staff. 
  • You support the management of security policies and processes, to ensure operational efficiency, meet regulatory compliance, and support regional demands. 
  • You support external and internal audit activities as required. 
  • You assist fellow Jumio’s in understanding and pragmatically responding to security audit findings.
  • Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations.

Qualifications, Experience & Skills Required

  • Experience in managing GRC solutions, and familiarity with Eramba or equivalent. 
  • Experience in managing 3rd party vendor assurance tools. 
  • Experience in supporting fast-paced GRC capabilities. 
  • An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviours
  • You are a strong communicator, and you get your message across well and clearly, you make people interested in listening to you.
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part 
  • An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
  • You move at speed and enjoy working within a fast-paced, dynamic environment. 
  • You'll need passion and energy for the subject; you'll care about shaping positive outcomes. 
  • You'll need to have a strong desire and hunger to learn as much as possible. 
  • You'll have a willingness to embrace change, adapt and evolve to meet the needs of the subjects we manage.

Great to have Experience and Qualifications:

  • 3+  years of work experience in information security, especially in an Information Risk Analysis role
  • 3+  years of experience in a Security Risk Management (SRM) and/or IT Audit role
  • 3+ years of experience with regulatory compliance and information security management frameworks (SOC2,  IS0 27000, and PCI DSS) 
  • Desirable to be Certified Information Systems Security Professional (CISSP), Certified Information Security  Manager (CISM), and/or Certified Information Systems Auditor (CISA)
  • BS or MA in Business, Computer Science, Information Security, or a related field

Key Characteristics and Attitudes: 

  • Positive energy and outcome-driven 
  • Passion for the subject 
  • Happy moving subjects along at a pace with minimum details by implementing them
  • Enjoy working in a self-organizing team environment
  • Thinks further than the solution appears to require
  • Adaptable and flexible 
  • Fast learner, high capacity for abstract thinking and structured approach to work
  • The big picture and the detail
  • High IQ and EQ
  • Excellent analytical, conceptual and communications skills in spoken and written English
  • Articulate and persuasive

Jumio Values:

IDEAL: Integrity, Diversity, Empowerment, Accountability, Leading Innovation

Equal Opportunities:

Jumio is a collaboration of people with different ideas, strengths, interests and cultures. We welcome applications and colleagues from all backgrounds and of all statuses.

About Jumio:

Jumio is a B2B technology company dedicated to eradicating online identity fraud, money laundering and other financial crimes to help make the internet safer. We leverage AI, biometrics, machine learning, liveness detection and automation to create solutions that are trusted by leading brands worldwide and respected by industry thought leaders. 

Jumio is the leading provider of online identity verification, eKYC and AML solutions. With a global footprint, we’re expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.

Applicant Data Privacy

We will only use your personal information in connection with Jumio’s application, recruitment, and hiring processes, as described in Jumio’s Applicant Privacy Notice. If you have any questions or comments, please send an email to privacy@jumio.com.

Similar Jobs

Tesla - Parts Advisor

Tesla

Timișoara, Timiș, Romania (On-Site)
6 Months ago
WebFX - AI Digital Marketing Specialist

WebFX

United States (Remote)
3 Months ago
Publicis Groupe - Manager Agile Program Management

Publicis Groupe

New York, United States (Hybrid)
3 Weeks ago
Ion - Technical Support Analyst, Toronto - 4363

Ion

Toronto, Ontario, Canada (On-Site)
10 Months ago
IMC - Compliance Officer – Delta1 Specialist

IMC

Chicago, Illinois, United States (On-Site)
2 Months ago
Square - Network and Security Engineer

Square

Lyon, Auvergne-Rhône-Alpes, France (Remote)
3 Weeks ago
Varonis  - Senior Security Analyst (Japanese Speaker)

Varonis

Melbourne, Victoria, Australia (On-Site)
1 Month ago
Optiv - Account Manager - Cybersecurity Sales

Optiv

Charlotte, North Carolina, United States (Hybrid)
3 Weeks ago
binance - Smart Contract Security Engineer

binance

Dubai, Dubai, United Arab Emirates (Remote)
1 Year ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Riot Games - Game Design Manager, Maps

Riot Games

Los Angeles, California, United States (On-Site)
2 Months ago
Zeeco, Inc. - Senior Designer (Mechanical Draftsman)

Zeeco, Inc.

Mumbai, Maharashtra, India (On-Site)
9 Months ago
Epic Games - Lead Rendering Programmer

Epic Games

(On-Site)
4 Months ago
PwC - Manager - Deals Advisory - Business Recovery Services

PwC

Jakarta, Jakarta, Indonesia (On-Site)
10 Months ago
Garena - Strategic Qualitative Researcher

Garena

Casablanca, Casablanca-Settat, Morocco (On-Site)
9 Months ago
Motorola solutions - Senior Financial Analyst – Video & Software Services (VSS)

Motorola solutions

Chicago, Illinois, United States (Hybrid)
1 Year ago
SweatPals - Success Manager

SweatPals

Austin, Texas, United States (On-Site)
2 Months ago
Riot Games - Principal Software Engineer, Foundations Developer Experience & Workflows

Riot Games

Dublin, County Dublin, Ireland (On-Site)
9 Months ago
Handy games - Game Artist Internship

Handy games

Giebelstadt, Bavaria, Germany (On-Site)
4 Months ago
Plug power - Field Service Technician

Plug power

Tomah, Wisconsin, United States (On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

Jobs in India

Zones - Operations Manager

Zones

Bengaluru, Karnataka, India (On-Site)
3 Months ago
Nagarro - Senior Engineer, ETL

Nagarro

Gurugram, Haryana, India (On-Site)
9 Months ago
Qualcomm - Sr Staff Engineer - Security and Access Control

Qualcomm

Bengaluru, Karnataka, India (On-Site)
2 Months ago
PwC - Senior Associate

PwC

Bengaluru, Karnataka, India (On-Site)
9 Months ago
Keywords International - Senior Engineering Manager

Keywords International

Pune, Maharashtra, India (Hybrid)
3 Months ago
Poppulo - Senior Full Stack Machine Learning Engineer

Poppulo

Bengaluru, Karnataka, India (Hybrid)
2 Months ago
Keywords Studios - Research Associate - Fresher

Keywords Studios

Karnataka, India (On-Site)
4 Months ago
Capgemini - ServiceNow Developer

Capgemini

Mumbai, Maharashtra, India (On-Site)
3 Months ago
Touch Magix - Junior VFX Artist

Touch Magix

Pune, Maharashtra, India (On-Site)
1 Month ago
Gallagher - Data Scientist

Gallagher

Bengaluru, Karnataka, India (On-Site)
9 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

PayPal - Staff Software Security Engineer

PayPal

Chicago, Illinois, United States (On-Site)
3 Weeks ago
Datahub - IT Security and Compliance Manager

Datahub

Palo Alto, California, United States (Hybrid)
1 Month ago
CAE - Information Systems Security Engineer

CAE

Orlando, Florida, United States (On-Site)
2 Months ago
bytedance - Senior Software Engineer, Global Payment Security

bytedance

San Jose, California, United States (On-Site)
9 Months ago
Interface AI - Lead Security Engineer

Interface AI

India (Remote)
1 Month ago
Vercel - Software Engineer, CDN Security

Vercel

United States (Remote)
3 Months ago
LeoVegas - Senior Information Security GRC Analyst

LeoVegas

Sliema, Malta (On-Site)
1 Month ago
Varonis  - Junior Security Analyst

Varonis

Morrisville, North Carolina, United States (On-Site)
3 Months ago
Thousand Eyes - Senior Software Engineer, Security and Reliability

Thousand Eyes

San Francisco, California, United States (On-Site)
1 Month ago
Ion - Junior Cyber Security Analyst

Ion

Pisa, Tuscany, Italy (Hybrid)
10 Months ago

Get notifed when new similar jobs are uploaded

About The Company

India (Remote)

Singapore (On-Site)

Bengaluru, Karnataka, India (On-Site)

Lenexa, Kansas, United States (Hybrid)

Sunnyvale, California, United States (On-Site)

Jaipur, Rajasthan, India (On-Site)

Bengaluru, Karnataka, India (On-Site)

View All Jobs

Get notified when new jobs are added by Jumio

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug