INFORMATION SECURITY & IT RISK SENIOR ANALYST

We believe that we make a difference every day. To do that, we need committed and engaged employees. Our people are accountable for delivering world-class service and they are passionate about making the world a safer and more secure place. Our teams operate with integrity and respect for one another fueled by an entrepreneurial spirit. We are building a high-performance organization through investing in our people with great development and growth opportunities.Do you want to have an impact every day by making people safe - and bringing them peace of mind? Interested in being part of a dedicated, passionate team which believes that security is a human right? Looking to join a company where innovation and technology are at the heart of its solutions?What we look forHighly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads. An effective communicator, you’ll be a confident team player with a genuine passion to make things happen in a dynamic organization. If you’re ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you.Job purposeWe have one global role, Information Security & IT Risk Analyst, available in Madrid (Spain) reporting to the Information Security Manager, you will be responsible for supporting the governance, risks, and vulnerabilities program. Your role will also support the implementation of our organization’s strategies regarding Information Security and IT controls by maintaining and developing new ways of doing things and creating business relationships transversally in Technology area and across the business units.This role will be responsible for coordinating and performing security assessment functions and control testing reporting and activities in accordance with Verisure Internal Controls, regulatory and departmental policies, and procedures. This role updates and maintains our control frameworks. The position is expected to work with internal stakeholders and take a lead role in ensuring the security of all information collected, used, maintained, or released by Verisure and its related risks. This role will also play an important role in researching, developing, and analyzing technologies, processes, and assessments of our organization to implement remediation actions.Main ResponsibilitiesAct as a local Security POC for Country and Regional team incidents and requests - working with all InfoSec Group functions to remediate and solve.Cooperate with key stakeholders and use methods and facilities in the area of security-architecture to influence their decision making.Work closely with the Regional InfoSec team, Security Architecture & Engineering and the Regional IT Ops functions to assist in implementing projects and achieving country specific security targetsSupport to maintain and develop our risk control framework and processes that allow effective Information Security & IT monitoring, management and mitigation aligned with business objectives.Support to perform risk assessment and risk management activities across our organization and our vendors and drive standardization and centralization of control practices and ambassador central processes.Support to develop security standards, procedures, policies and improve our security positioning through process improvement, policy automation, and the continuous evolution of capabilities.Support to implement processes to automate and continuously monitor information security & IT controls, exceptions, risks & vulnerabilities, testing across a range of data processing activities, functions, and entities.Support, perform and control the full audit cycle over Information Security & IT controls effectiveness and compliance with all applicable directives and regulations.Required QualificationsMinimum qualificationsBachelor’s computer Information Systems or related discipline and 2 year of direct experience in information security, with a main emphasis on Information Security & IT risk and compliance.A pragmatic approach developed through hard won experience working in infosec departments and direct experience supporting process to:Support to define & execute of an Information Security & IT risk control framework, not only internally but also for third-party and partners. It is key also have experienced in documenting security procedures, policies, and standards.Perform Information Security & IT assessments and supporting compliance and maturity assessments using international standards and best practices from various industries.Ensure that all risks, vulnerabilities, and non-conformities are actively managed, monitored, documented, and mitigated if possible.Define and tracking KPIs/KRIs and generating reporting adapted for different levels and stakeholders.Perform Information Security & IT controls audits and executing remediation plans not only internally but also third party and partners.Support the process of conducting BIAS and defining plans to ensure the continuity of the business in case of a disruption.Work experience in a professional environment preferred, including:Demonstrated planning and problem-solving skills.Knowledge of identity management standards, vulnerability management and business continuity.Basic knowledge in networking “routing, Firewalls,..”Operating systems experience “Windows, linux”.Knowledge in security tools. WAF, NACs, EDR,..Cloud experience, in AWS or Azure.Ability to successfully support audits (external, internal and third-party ones), compile evidence, and organize audit responses.Thorough understanding of market structures, including relevant regulatory compliance requirements (PCI DSS, SOC 2 , NIST, GDPR, COBIT, ITIL, etc.).Fluent written and verbal communication skills in English.Travel availability.Preferred qualifications / Personal CharacteristicsProficient with MS Office, project management, and at least one GRC tool (recommended).Familiarity with Information systems auditing, monitoring, controlling, and process assessment.Familiar with current home security / smart home technologies, future developments and understanding of business models behind them.