Associate Analyst, Information Security GRC

R4976

Location

Mumbai

Career Track

Finance

This role is eligible for our hybrid work model: Two days in-office.

Why is this job a big deal:

The position is responsible for coordinating Priceline’s risk and compliance projects, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.

The Security Risk & Compliance Associate will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the biggest online travel company in the world. He or she will join a growing GRC team that faces multiple exciting challenges.

In this role you will get to:

  • Coordinate end-to-end security GRC projects and initiatives to improve our security posture.

  • Maintain our different security controls frameworks, including NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.

  • Monitor control performance of information security controls across the business for timely and effective execution.

  • Coordinate information security training and awareness activities.

  • Execute third-party risk assessments and enhance our third-party risk assurance process and tooling.

  • Evaluate, maintain and enhance our current security GRC tools.

  • Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.

  • Ensure quality of our key security processes (vulnerability management, security incident reporting).

  • Track progress of issues reported, vulnerabilities, and support in the creation of dashboards and metrics to facilitate this process.

  • Act as a security advocate, supporting business owners’ requests related to security (evaluating policy exception requests, completing third-party security questionnaires, etc.).

  • Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.

Who you are:

  • Bachelor’s degree in Computer Engineering or a Cybersecurity-related discipline.

  • 3 years of experience working in an information security GRC function.

  • BIG4 experience is a plus.

  • Experience coordinating an external PCI-DSS audit is a plus.

  • One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA.

  • Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001.

  • Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.

  • Experience driving security GRC initiatives in a proactive and independent manner.

  • Experience working with cross-functional teams in fast-paced environments.

  • Solid problem-solving skills and attention to detail.