Senior Cybersecurity Risk Analyst - India

The Senior Cybersecurity Risk Analyst is an important role in supporting the overall vision of the Cybersecurity & Assurance Program at Cornerstone OnDemand (CSOD). This position is part of the global Cybersecurity Engineering and Assurance team and is reporting into the Senior Director, Cybersecurity & Assurance.

This role will be responsible for managing the global Cyber risk Management Program and Vendor Risk Management Program. Furthermore the role is driving the global Information Security Management System.

Key Responsibilities:

• Responsible for the global Cyber risk management program and leads the identification, communication, and management of company-wideRisk.
• Responsible for operational management of the global Information Security Management System (ISO27001)
• Responsible for the vendor and third party risk management program
• Supporting the AI Management System (ISO 42001) from a risk management perspective
• Execute the global business impact assessments and risk assessment program
• Work closely with the global Cybersecurity and Assurance Team to implement security standards across the organization
• Interface and partner with cross functional leaders from engineering, Cloud Operations, IT and other functions to development mitigation plans on designing effective controls to improve security compliance and manage risk
• Identify business, cybersecurity and technology risks, evaluate internal controls to treat risks, and develop opportunities to continuously improve internal controls
• Work with control owners to ensure control objectives and activities meet compliance standards for effectiveness and evidence, and ensuring operational efficiencies
• Work with Cornerstone’s external audit partners and cross functional teams to schedule appropriate internal audit testing and/or risk assessments
• Recommend updates to security policies, standards and procedures to address new industry practices, requirements and standards based on security and compliance requirements

Skills and Experience:

• Degree in Information Technology, Computer Science, or related fields
• 5+ years risk identification, assessment and management experience
• 3-4 year in project and process management and improvement
• 3-4 year experience in multi-country/global Information Technology organization (preferably SaaS)
• Working experience with GRC platforms
• Experience in third-party risk management processes
• Experience management project portfolios and programs
• Experienced in metrics, maintaining dashboards and executive reporting
• Multi year working experience with managing ISMS (ISO 27001) and preferably AIMS (ISO 42001)
• Adequate knowledge of latest security tools, technologies and control best practices for I&AM, encryption, system hardening, anti-malware, data leakage prevention, IDS/IPS, network architecture security, vulnerability management, etc.
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Excellent data analysis, documentation and articulation skills
• Excellent communication, presentation and collaboration skills

Education:

• Certifications as CRISC and/or CRMP desired