Job Description
- 3+ years in information security/risk analysis
- 3+ years in Security Risk Management or IT Audit
- 3+ years with regulatory compliance (SOC2, ISO 27000, PCI DSS)
- CISSP, CISM, or CISA certification
- BS or MA in Business, Computer Science, Information Security, or related field
- Manage GRC solutions (e.g., Eramba)
- Manage 3rd party vendor assurance tools
- Support fast-paced GRC capabilities
- Assess risk severity and impact
- Communicate risk findings effectively
- Strong decision-making skills
- Ability to influence others
- Strong communication skills
- Understanding of business needs
- Excellent prioritization skills
- Ability to multitask
- Work in a fast-paced environment
- Passion and energy for the subject
- Desire to learn
- Willingness to embrace change
- Positive energy and outcome-driven
- Adaptable and flexible
- Fast learner with structured approach
- High IQ and EQ
- Excellent analytical and communication skills
Role Purpose:
The Risk Analyst operates within the governance, risk & compliance service provided by the Jumio security function.
The Risk Analyst will be responsible for identifying, analyzing, and influencing the management of information risks across the organization.
Role Value:
The role holder reports into the GRC Lead and they need to positively influence other members of the security team as well as other departments across Jumio.
Responsibilities:
The key responsibilities of the role are as follows:
Information Security Risk Management
- Conducts information security risk assessments of internal processes,applications and software solutions.
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register.
- Collaborates with internal stakeholders (Engineering , HR , Machine Learning , IT , Finance , Sales, Privacy,Legal, etc.) as part of the risk management program.
- Participates in ad-hoc, non-systematic risk assessment requests.
- Evaluates and manages security exception requests, ensuring compliance with security standards and mitigating associated risks.
- Prepares security exception risk profile and reports to relevant stakeholders.
Third Party Risk Management
- You support the delivery of vendor risk management and security assurance services, for high-speed business initiatives. You perform focused risks assessments of existing or new services and technologies.
- Identify and collaborate with internal groups with outsourcing and vendor oversight responsibilities to reduce duplication of effort and ensure overall compliance with the program.
Governance Risk & Compliance
- You support governance risk and compliance activities within the ISMS
- Supporting the ongoing maintenance of independent security certification activities for SOC2, ISO 27001 and PCI DSS.
- You support the management and high-quality output from the GRC Platform.
- You support our security compliance monitoring model.
- You support the maintenance of security KPI metrics and reporting regularly.
- You support the delivery of security awareness training and knowledge to all staff.
- You support the management of security policies and processes, to ensure operational efficiency, meet regulatory compliance, and support regional demands.
- You support external and internal audit activities as required.
- You assist fellow Jumio’s in understanding and pragmatically responding to security audit findings.
- Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations.
Qualifications, Experience & Skills Required
- Experience in managing GRC solutions, and familiarity with Eramba or equivalent.
- Experience in managing 3rd party vendor assurance tools.
- Experience in supporting fast-paced GRC capabilities.
- An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviours
- You are a strong communicator, and you get your message across well and clearly, you make people interested in listening to you.
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
- An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
- You move at speed and enjoy working within a fast-paced, dynamic environment.
- You'll need passion and energy for the subject; you'll care about shaping positive outcomes.
- You'll need to have a strong desire and hunger to learn as much as possible.
- You'll have a willingness to embrace change, adapt and evolve to meet the needs of the subjects we manage.
Great to have Experience and Qualifications:
- 3+ years of work experience in information security, especially in an Information Risk Analysis role
- 3+ years of experience in a Security Risk Management (SRM) and/or IT Audit role
- 3+ years of experience with regulatory compliance and information security management frameworks (SOC2, IS0 27000, and PCI DSS)
- Desirable to be Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
- BS or MA in Business, Computer Science, Information Security, or a related field
Key Characteristics and Attitudes:
|
|
Jumio Values:
IDEAL: Integrity, Diversity, Empowerment, Accountability, Leading Innovation
Equal Opportunities:
Jumio is a collaboration of people with different ideas, strengths, interests and cultures. We welcome applications and colleagues from all backgrounds and of all statuses.
About Jumio:
Jumio is a B2B technology company dedicated to eradicating online identity fraud, money laundering and other financial crimes to help make the internet safer. We leverage AI, biometrics, machine learning, liveness detection and automation to create solutions that are trusted by leading brands worldwide and respected by industry thought leaders.
Jumio is the leading provider of online identity verification, eKYC and AML solutions. With a global footprint, we’re expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.
Applicant Data Privacy
We will only use your personal information in connection with Jumio’s application, recruitment, and hiring processes, as described in Jumio’s Applicant Privacy Notice. If you have any questions or comments, please send an email to privacy@jumio.com.
