*Send resumes to [email protected] or reach me at 631-759-8044 Ext: 405*

*Job Title:* Risk Analyst - GRC
*Location:* Santa Clara - CA
*Duration:* 3+ Months

*Job Description:*

Governance, Risk Management, and Compliance (GRC) are three pillars that work together for the purpose of assuring that an organization meets its objectives. ... Governance is the combination of processes established and executed by the board of directors that are reflected in the organization's structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from achieving its objectives. Compliance with the company's policies and procedures, laws and regulations, strong and efficient governance is considered key to an organization's success.

*Responsibilities:*

· Perform audit and objective analysis functions of systems and data, and articulate risk findings in business language
· Communicates threat, risk, and vulnerability assessment findings to information risk "customers," or business partners
· Provides consultative advice to information risk customers that enables them to make informed security threat, risk, and vulnerability management decisions
· Recommends security controls and/or corrective actions for mitigating technical and business risks and threats
· Identifies opportunities to improve risk posture, remediating or mitigating risks and assessing the residual risk
· Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
· Perform contract reviews for HDS customer and supplier from information security and risk standpoint and work closely with procurement and legal department

*Required Skills:*

· Experience conducting risk assessments and audits
· Solid understanding of risk assessment fundamentals such as impact, likelihood, and quantitative risk calculation methods
· An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security
· Technical expertise in system security vulnerabilities and remediation techniques, network, mobile, email, server infrastructure and web-related protocols
· Working knowledge of industry security standards and security management frameworks (ISO 27x, PCI, NIST)
· Preferred security certifications: CISM/CISSP

--
Thanks & Regards,
*Sampath*
Damcosoft Inc.
Phone: 631-759-8044 Ext: 405
Email: [email protected]
GTalk: [email protected]
Website: www.damcosoft.com
