Cybersecurity - Risk Analyst

SITA

  • Barcelona
  • Permanent
  • Full time
  • 7 days ago
Job Description:

Overview

WELCOME TO SITA

We're the team that keeps airports moving, airlines flying smoothly, and borders open. Our tech and communication innovations are the secret behind the success of the world's air travel industry.

You'll find us at 95% of international hubs. We partner closely with over 2,500 transportation and government clients, each with their own unique needs and challenges. Our goal is to find fresh solutions and cutting-edge tech to make their operations run like clockwork. Want to be a part of something big?

Are you ready to love your job? The adventure begins right here, with you, at SITA.

PURPOSE

Supporting the cyber security risk management Team Leader, the Cybersecurity Risk Analyst will contribute to the IT risk management practice within the SITA EISO team by maintaining and enhancing the cybersecurity operational risk management framework.

As part of the second Line of Defense (2LoD), the Cybersecurity Risk Analyst will support the business front lines' (1LoD) risk and controls self-assessment capability, provide objective review to business lines to develop acceptable risk treatment plans, monitor risk mitigation execution progress, and report to steering committees.

KEY RESPONSIBILITIES

  • Maintain and improve the third-party risk management framework, which includes the supplier security onboarding, ongoing monitoring and offboarding requirements.
  • Support the activities of the second line of defense (2LoD), monitoring the organization's operational risks and escalating any concerns about control weaknesses or exposures that exceed agreed business risk tolerance limits.
  • Work with risk owners to ensure that operational risk templates and procedures are implemented correctly (e.g. providing training, advocating, socializing, coaching, etc.).
  • Support the cybersecurity exception handling process, including the objective review of the risk owner progress to achieve compliance with SITA policies and standards.
  • Support risk management KPIs/KRIs identification, trends analysis and reporting.
  • Document key findings, analysis, and recommendations in clear and concise reports for both technical and non-technical stakeholders.
  • Act as a challenger to the first line by validating the adequacy and effectiveness of controls
  • Play a critical role in overseeing and guiding the first line's activities while ensuring that risks are properly identified, assessed, and mitigated.
  • Develop and maintain an overarching cybersecurity risk management framework (processes, methods, and tools), and provide constructive feedback and recommendations for improvement.
  • Support compliance with legal, regulatory, and industry standards (e.g., ISO 27001, NIS2), including supporting regulatory reporting and audits by providing accurate and timely risk information.
  • Facilitate risk record communication, quality and completeness between the first and second lines of defense by leveraging established risk templates, risk rating criteria and intersects.
  • Navigate and work effectively across a complex, geographically dispersed organization.
  • Promote a culture of risk awareness and shared responsibility across the organization.
  • Responsible for gathering, managing and analyzing requirements to design new application changes for own areas of responsibility, ensuring sufficient effort is made to promote ''vanilla'' functionality.
  • Assists in and takes ownership of estimates developed by less experienced staff and/or offshore providers.
  • Coordinates the delivery testing and support of application changes related to own area of responsibility.
  • Responsible for ensuring quality solutions are delivered to business users on time and budget.
  • Contributes to the development of application and process best practices and using a consultative approach gets buy-in from all stakeholders.
Qualifications

EXPERIENCE

  • 5 to 10 years of information system/cybersecurity risk and control management experience, including risk identification and analysis, response and remediation.
  • Relevant certification desired: CISA, CISM, CISSP, CIA, CIPP, or related.
  • Practical experience of assessing risks associated with third-party suppliers and reviewing assurance documents relating to security and IT controls provided by third parties (e.g. ISO 27001, SOC 2 certifications, etc.).
  • Practical experience of managing an IT exception handling process.
  • Ability to influence and engage with risk owners, and senior management.
  • Ability to adapt quickly to changing priorities and demands.
  • Demonstrate good learning attitude and attention to detail
  • Good communication skills, a team player and a continuous improvement mindset.
  • Ability to communicate in a clear, concise, and persuasive manner to all levels of audience.
  • University degree in computer science, management information systems, business administration or a related field of study required.
  • At least 5 years' experience in deployment or support of application software, implementing systems and modules, with experience of multiple full lifecycle implementations.
  • Working knowledge and/or hands-on experience with information security policy, procedures and standards development and improvement (not mandatory - nice to have).
  • Experience with GRC (Governance, Risk and Compliance) tools such as OneTrust, ServiceNow or Archer is considered an asset (not mandatory - nice to have).
EDUCATION & QUALIFICATIONS
  • University degree or equivalent
WHAT WE OFFER

We're all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We're really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.

  • 🏡 Flex Week: Work from home up to 2 days/week (depending on your team's needs)
  • ⏰ Flex Day: Make your workday suit your life and plans.
  • 🌎 Flex-Location: Take up to 30 days a year to work from any location in the world.
  • 🌿 Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health - a personalized platform that supports a range of wellbeing needs.
  • 🚀 Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!
  • 🙌 Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.