EASTWOOD | Information Security Analyst

Department:  NAISAUKI ISO                                                Reporting to: Sr. ISO/Information Security Manager

Compensation Band/Level:

Company Summary:

Majorel (dba Arvato) supports clients all over the world to successfully shape their customer relationships. More than 48,000 employees in 32 countries design and implement customized solutions for this purpose. We create amazing customer experiences that people value and we are proud of. By combining talent, data, and technology, we deliver real impact for our partners. Today’s rapidly changing world is sometimes challenging for service delivery; But with our spirit of true entrepreneurship, adaptability and our drive to go further, we view it as an opportunity to innovate by getting the best from people and technology. We constantly strive for the best. We know that doing so is pursuing a moving target. It takes full commitment to go the extra mile. Mutual respect and trust is the hallmark of every successful business, and it’s the same at Majorel. We know that challenges are met and ambitions achieved through teamwork: not only amongst our colleagues, but in partnership with our clients too.

Position Summary:

Oversees and is responsible for the implementation, maintenance and improvement of the Information Security Management System of the local reporting unit and ensure compliance to the contractual and regulatory security requirement.

Overall Responsibilities: 

• Implement, maintain, and continuously improve the effectiveness ISMS within the local reporting unit. 
• Support service delivery in local reporting unit in preparation for client assessments or industry specific certification and compliance audits as ISO27001, PCI DSS, SSAE, etc. 
• Performs business impact and risk impact analysis and operational security risk assessments
• Ensure compliance and effectiveness of controls by conducting periodic compliance assessments and internal audits.
• Facilitate the development of corrective action and remediation plans for the identified gaps, issues, risks or vulnerabilities. Ensure that all committed resolutions to audit findings, risks and security incidents are monitored, reviewed, resolved and reported on timely manner. 
• Develop consultative relationships with different departments to educate them on Majorel’s risk management framework, exception process and promote adherence to company policies, contractual and regulatory requirements.
• Engage proactively in business transitions, local projects and/or initiatives in order to identify potential compliance and security risks.
• Support the local implementation of global and regional security education, training and awareness programs.   
• Work cross-functionally and represent the Information Security Organization in discussions with different stakeholders and extend assistance to educate relevant users on how to comply to the different information security and data protection policies of the company
• Facilitate the investigation of a potential or actual security breaches, assist in the development and implementation of corrective action plans, research root cause and document the entire investigation process according to policy/procedure.
• Conducts security incident response training and exercise within the local unit and designated client accounts.
• Support the implement of business continuity processes within the local scope and assist in testing activities.
• Assist with integrating information security policy, standards, contractual and regulatory compliance requirements into the organization processes.
• Prepare proposals in cooperation with Sr. ISO to improve the security posture of the local reporting unit and brings them to the attention of the management during regular reporting cycle or whenever necessary;
• Liaise with other Majorel functions, including Key and Technical Account Management, Audit, Risk and Compliance, Data Privacy Office, BCM, Security Operations Center, Project Management Office to ensure the risk management process is efficient and effective.
• Fulfill other tasks related to the position as required

Job Requirements:

• Can easily transition to a fast-paced environment, must be able to learn new concepts quickly that affect the security posture of the company
• Willingness to work on-call in the event of a security breech or other emergency
• Perform effectively despite sudden deadlines and changing priorities
• Proven ability to identify, analyze and solve problems
• Resourceful in solving problems and maximizing resources
• Highly reliable self-starter, self-driven, able to learn on own initiative
• Strong organizational/planning and project management skills
• Communicate, present and negotiate effectively, with strong command of the English language, both written and oral
• Excellent record of dependability and reliability
• Skilled at working with people with diverse backgrounds
• Collaborate easily with co-workers and work well independently

Job Experience and Education:

• Graduate of Bachelor’s Degree in Information Technology, Computer Science, Administration Management or equivalent
• Minimum 4 years of progressive professional experience in Information Security compliance, data protection, security audit and risk management preferably in the BPO industry
• Familiar with different regulations and standards related to information security and data protection (e.g. ISO27001, PCI DSS, SSAE, COBIT, etc.)
• Preferably a certified information security professional, relevant certifications are CISM (Certified Information Security Manager), CRISC (Certified Risk and Information System Control), CISA (Certified

Information System Auditor), ISO/IEC 27001 Information Security Officer or ISO/IEC 27001 Lead Auditor and CISSP (Certified Information Systems Security Professional)

General sign off: 

This description has been prepared to assist in evaluating various classes of responsibilities, skills, and working conditions.  It indicates the kinds of tasks and levels of work difficulty required of positions given this classification.  It is not intended as a complete list of specific duties and responsibilities.  Nor is it intended to limit or modify the right of any supervisor to assign, direct, and control the work of employees under supervision.  Nothing contained herein is intended or shall be construed to create or constitute a contract of employment between any employee or group of employees and the Company.  The Company retains and reserves any and all rights to change, modify, amend, add to or delete from any section of this document as it deems, in its judgment, to be proper.  I have read and understand the requirements of this job description and I am able to meet the requirements as listed above with or without reasonable accommodations

Employee Name & Signature                                                     Date