Senior Information Security (Infosec) Analyst
We are looking for a detail-oriented Senior Information Security Analyst to join our dedicated team.
This position involves supporting third-party risk assessments and contributing to enterprise risk management efforts, ensuring regulatory compliance and safeguarding data within our vendor network.
Responsibilities
- Evaluate third-party risks with a focus on Information Security and GRC, enabling informed decisions regarding inherent and residual risks
- Conduct due diligence on prospective and current vendors, emphasizing cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection measures
- Ensure the integrity, consistency, and audit-readiness of third-party data within the GRC platform to meet reporting and regulatory standards
- Collaborate with teams in Information Security, Privacy, Legal, Procurement, and Business Units to share findings and support enterprise risk management activities
- Handle third-party offboarding processes, verifying risk management protocols and reviewing data retention, access, and continuity measures
- Prepare documentation and responses for external audits, internal reviews, or regulatory inquiries related to third-party risk management matters
- Maintain and refine TPRM policies, playbooks, and program metrics to aid program advancement
Requirements
- 3+ years of experience in third-party risk management, information security, IT audit, or GRC, ideally within Gaming, Technology, or Consulting industries
- Basic understanding of security risk frameworks and practices (e.g., NIST, ISO 27001, SIG, CSA, etc.)
- Familiarity with tools like JIRA and GRC platforms (e.g., OneTrust, ServiceNow) with flexibility to learn and support data analysis and system enhancements
- Ability to assess security, privacy, and operational risks while applying analytical and solutions-based approaches
- Strong verbal and written communication skills to cultivate collaboration across teams and organizational stakeholders
- Adaptability in handling cross-functional tasks amid ambiguity or evolving requirements
- General understanding of vendor management and data security regulations and standards
- Awareness of IT risk management principles coupled with familiarity with S-SDLC and Agile Methodology
- Fluent English communication skills at a B2+ level
We offer
- International projects with top brands
- Work with global teams of highly skilled, diverse peers
- Employee financial programs
- Paid time off and sick leave
- Upskilling, reskilling and certification courses
- Unlimited access to the LinkedIn Learning library and 22,000+ courses
- Global career opportunities
- Volunteer and community involvement opportunities
- EPAM Employee Groups
- Award-winning culture recognized by Glassdoor, Newsweek and LinkedIn