Worldwide
Senior Information Security Risk Analyst

Jumio
Remote - India
Summary
Join Jumio's security function as a Risk Analyst, responsible for identifying, analyzing, and managing information risks across the organization. You will conduct risk assessments, collaborate with stakeholders, and support vendor risk management. The role involves supporting governance, risk, and compliance activities, including security certifications (SOC2, ISO 27001, PCI DSS), and maintaining the GRC platform. You will also contribute to security awareness training, policy maintenance, and audit support. Success in this role requires strong communication, analytical, and decision-making skills, along with experience in GRC solutions and risk management.
Requirements
- Experience in managing GRC solutions, and familiarity with Eramba or equivalent
- Experience in managing 3rd party vendor assurance tools
- Experience in supporting fast-paced GRC capabilities
- An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk mitigation and business performance
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviours
- You are a strong communicator: you get your message across well and clearly, and you make people interested in listening to you
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
- An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization
- You move at speed and enjoy working within a fast-paced, dynamic environment
- You'll need passion and energy for the subject; you'll care about shaping positive outcomes
- You'll need to have a strong desire and hunger to learn as much as possible
- You'll have a willingness to embrace change, adapt and evolve to meet the needs of the subjects we manage
Responsibilities
- Conducts information security risk assessments of internal processes, applications and software solutions
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register
- Collaborates with internal stakeholders (Engineering, HR, Machine Learning, IT, Finance, Sales, Privacy, Legal, etc.) as part of the risk management program
- Participates in ad-hoc, non-systematic risk assessment requests
- Evaluates and manages security exception requests, ensuring compliance with security standards and mitigating associated risks
- Prepares security exception risk profile and reports to relevant stakeholders
- You support the delivery of vendor risk management and security assurance services, for high-speed business initiatives
- You perform focused risk assessments of existing or new services and technologies
- Identify and collaborate with internal groups with outsourcing and vendor oversight responsibilities to reduce duplication of effort and ensure overall compliance with the program
- You support governance, risk, and compliance activities within the ISMS
- Supporting the ongoing maintenance of independent security certification activities for SOC2, ISO 27001 and PCI DSS
- You support the management and high-quality output from the GRC Platform
- You support our security compliance monitoring model
- You support the maintenance of security KPI metrics and reporting regularly
- You support the delivery of security awareness training and knowledge to all staff
- You support the management of security policies and processes, to ensure operational efficiency, meet regulatory compliance, and support regional demands
- You support external and internal audit activities as required
- You assist fellow Jumio's in understanding and pragmatically responding to security audit findings
- Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations
Preferred Qualifications
- 3+ years of work experience in information security, especially in an Information Risk Analysis role
- 3+ years of experience in a Security Risk Management (SRM) and/or IT Audit role
- 3+ years of experience with regulatory compliance and information security management frameworks (SOC2, ISO 27000, and PCI DSS)
- Desirable to be Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
- BS or MA in Business, Computer Science, Information Security, or a related field