Senior Cybersecurity Risk Analyst - India

Cornerstone OnDemand

4.6

(93)

Multiple Locations

Why you should apply for a job to Cornerstone OnDemand:

Ranked as one of the Best Tech Companies for Women in 2023

4.6/5 in overall job satisfaction

4.7/5 in supportive management

90% say women are treated fairly and equally to men

97% would recommend this company to other women

100% say the CEO supports gender diversity

Ratings are based on anonymous reviews by Fairygodboss members.

We offer Wellbeing Days (paid days off during the months of July, August, and September) so our people can focus on their wellness.

The Cornerstone Family First Initiative is a one-time initiative covering reimbursement for some out-of-pocket fertility expenses.

Through Maven, we provide 100% free coaching and personalized support for those navigating mid-life and menopause.

#req10273

Position summary

the vendor and third party risk management program
Supporting the AI Management System (ISO 42001) from a risk management perspective
Execute the global business impact assessments and risk assessment program
Work closely with the global Cybersecurity and Assurance Team to implement security standards across the organization
Interface and partner with cross functional leaders from engineering, Cloud Operations, IT and other functions to development mitigation plans on designing effective controls to improve security compliance and manage risk
Identify business, cybersecurity and technology risks, evaluate internal controls to treat risks, and develop opportunities to continuously improve internal controls
Work with control owners to ensure control objectives and activities meet compliance standards for effectiveness and evidence, and ensuring operational efficiencies
Work with Cornerstone's external audit partners and cross functional teams to schedule appropriate internal audit testing and/or risk assessments
Recommend updates to security policies, standards and procedures to address new industry practices, requirements and standards based on security and compliance requirements

Skills and Experience:

Degree in Information Technology, Computer Science, or related fields
5+ years risk identification, assessment and management experience
3-4 year in project and process management and improvement
3-4 year experience in multi-country/global Information Technology organization (preferably SaaS)
Working experience with GRC platforms
Experience in third-party risk management processes
Experience management project portfolios and programs
Experienced in metrics, maintaining dashboards and executive reporting
Multi year working experience with managing ISMS (ISO 27001) and preferably AIMS (ISO 42001)
Adequate knowledge of latest security tools, technologies and control best practices for I&AM, encryption, system hardening, anti-malware, data leakage prevention, IDS/IPS, network architecture security, vulnerability management, etc.
Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
Excellent data analysis, documentation and articulation skills
Excellent communication, presentation and collaboration skills

Education:

Certifications as CRISC and/or CRMP desired

#LI-Hybrid