Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within a BFSI context.
Responsibilities
Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
Maintain policy frameworks, standards, guidelines, and procedures.
Ensure timely closure of information security findings across the business.
Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
Own and evolve Cellulant’s Business Continuity Management System (BCMS).
Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
Support implementation of privacy-by-design and privacy-by-default controls.
Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
Design and promote security and privacy awareness programs.
Requirements
5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles
Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations
Hands-on Business Continuity Management experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises
Deep familiarity with frameworks and standards such as: ISO 27001/27002, NIST CSF, PCI DSS, SOC 2, and ISO 22301
GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws
Strong understanding of cloud security principles (AWS)
Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables
Experience working cross-functionally with technical and non-technical teams.
One or more of the following (or equivalent):
Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
Risk & Compliance: CRISC, CGEIT
Benefits
Generous personal time off
Medical and life insurance benefits (markets permitting)
Job title
Senior Specialist, Information Security Governance, Risk & Compliance