Technology & Security Risk Analyst

Key responsibilities

• Embed our security risk management process within a newly acquired entity , creating the foundation for the ongoing management of security risks for the entity .
• Support the alignment of dentsu s global technology and security policies , controls and ISO27001 standard within the newly acquired entity .
• Work closely with stakeholders to identify , assess, monitor and respond to security risks , in line with the technology & security risk management framework and associated processes.
• Update the risk register with in our GRC platform , e.g. documenting agreed treatment plans , adding regular progress updates, and escalating delays or blockers.
• Provide risk reporting to stakeholders and, where required , relevant forums, e.g. dentsu international markets Security Risk Committee.
• Lead security issue management working groups with relevant stakeholders to assess risk issues and develop treatment plans .
• Provide analysis on key risk areas to drive security maturity and help shape future investment decisions.
• Understand the external security environment and emerging trends to support security risk management.
• Support the growth and adoption of technology and security risk management processes across dentsu international markets .

What we re looking for

• 2-3 years of experience in technology and security governance and risk management within a medium or large-sized organization.
• General knowledge of all domains within security covering people, process and technology.
• Experience in stakeholder engagement and strong communication skills.
• Ability to explain technical complex concepts to non-technical audiences.
• A self-motivated, proactive, action-orientated approach to achieve deadlines.
• A collaborative mindset, working alongside others to achieve common objectives.
• Interest in personal development in the areas of governance, risk, compliance or security.
• Experience of security compliance initiatives within an enterprise technology environment such as ISO27001 (compulsory), NIST, CIS, PCI DSS, Cyber Essentials.
• Knowledge of security, technology and enterprise risk management frameworks (desirable).
• Experience with using industry-leading GRC platforms (desirable).
• Experience in using Microsoft Excel, PowerPoint, Forms, and PowerBi (desirable).
• Achieved or working towards an information security qualification (CISSP, CISM, CISA, CRISC) (desirable).