Information Security, Risk & Compliance Analyst at NTT Ltd.

• In alignment with the Group Chief Security Officer the Information Security Governance, Risk & Compliance Analyst will support the orchestration of information security governance, risk and compliance activities for Group and subsidiaries.

Key Roles and Responsibilities:

• This role supports the business and protects NTT’ reputation by taking responsibility for overall Information Security Management and aligns IT security with business security, ensuring that information security is effectively managed in all service and business activities within NTT Ltd.
• The Risk Analyst’s primary role is ensure NTT Ltd Group and Subsidiaries establish and maintain information security program. Implement process and controls to monitor group and subsidiary compliance practices to avoid breaching laws, regulations, policies, contractual and other security obligations and work to achieve compliance or in instances where non-compliant, ensure these are well understood with the risks managed in accordance with group risk management policies.
• They will support and coordinate technical staff so that an integrated security strategy is embedded to achieve the certifications and compliance obligations of the group.
• They are technology and compliance specialist and will provide senior mentorship, thought leadership and technical guidance to NTT Ltd Group and Subsidiaries stakeholders & country security solution architects, specialists and business development Analysts. They will augment enterprise account planning initiatives, technical presales and bid management opportunities.

Identify risk and non-compliance:

• Risk & Compliance Specialists take responsibility for the identification of potential risks, incidents and problems before they occur.
• Identify, classify and record problems for all recurring issues and incidents to determine their root cause. These individuals also assist with ensuring that reported incidents and problems are solved and proactively review these to ensure the development of remedial action. They support, review and investigate allegations as assigned by the country, regional and group team. They advise internal management on the implementation or operation of compliance programmes and any compliance issues. This employee will monitor or assess compliance systems to ensure their effectiveness and/or recommend appropriate compliance systems. They work with the relevant agencies or government organisations to supply information relating to compliance and ensure that any breaches are identified and dealt with, including advising the relevant stakeholders of such breaches.

Manage risk and compliance

• The Risk & Compliance Specialist is responsible for risk and incident management in accordance with relevant legislation and ensures that the relevant stakeholders are advised of such incidents. To ensure the proactive management of risk, they update and maintain a “known breach / error database” containing all problems and workarounds. They assist with the provision of information to senior management on risk issues and assist with the provision of a plan to manage these. They also assist with chairing of post incident review meetings and develop the relevant action plans to allow for proactive risk management. They work closely with the Group Compliance team to implement Group policies and procedures locally, co-ordinating with local legal teams for compliance with local laws.
• They conduct regular internal reviews to ensure compliance to relevant policies and procedures, ensuring the update or modification of such to align with local laws and regulations.

Information Security Governance, Risk & Compliance Analyst:

• Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information.
• Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements.
• Conducts information security risk assessments, security compliance audits and cybersecurity audits.
• Establishes IT security audit procedures relevant to SOX, HIPAA, PCI DSS and international data privacy laws.
• Evaluates and tests the design and operating effectiveness of IT security controls. Maintains compliance of internal IT security controls by meeting internal and external information security requirements.
• Documents, investigates and reports cybersecurity compliance issues and incidents. Works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.

Knowledge, Skills and Attributes:
Personal Attributes And Skills Required

• Demonstration of NTT Ltd core values of Proactivity, Teamwork, Professional Excellence, Partnership, Personal Commitment and Multi-Cultural Strength.
• Good knowledge of security risks and preventative controls
• Good understanding of security operational processes and controls
• Good project, analysis, problem solving, and business relationship skills
• Computer Science Degree or equivalent together with specialised training in new technologies and legacy systems

Excellent Communication Skills

• Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff
• Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation
• Must have strong working knowledge of pertinent law and the law enforcement community
• Highly developed technical capability across a broad range of Security products / solutions
• Interpersonal skills and the ability to develop strong customer (Internal / External) relationships
• Strong industry and market awareness
• Ability to negotiate / influence
• Ability to communicate to all audiences levels (executive to technical)
• Comfortable with presenting and communicating solutions internally and to clients / market at a business and technical level
• Track record of effective workshop and interview skills
• Good interpersonal and consultative skills.

Strong Professional Documentation Skills

• Ability to map business needs to technology solutions
• Ability to discuss and report technology and information security risk with non-technology and executive business stakeholders
• Interpersonal skills with the ability to develop strong relationships
• Ability to engage and guide a team of engineers

A strong client service orientation

• A team player willing to develop and share IP
• This position must be ardently attuned to security news, trends, risks, and events and be able to understand vulnerabilities and exploit code sufficiently to understand security implications and assess their impacts.
• Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies
• Conduct security assessments, Document findings, create reports and communicate recommendations to executive management in verbal and written format
• Experienced with tools such as IDS/IPS, Hacking (Penetration testing) tools, Vulnerability Management tools, Firewalls, VPNs, VMware, Honeynets, etc.
• Thorough understanding of Windows and Unix-based vulnerabilities and exploitation techniques
• Comprehensive understanding of operating systems, network architectures, and system administration
• Familiarity with network protocols

Academic Qualifications and Certifications:

• Degree / Certifications – Information Technology/Audit/Risk Management
• Security Certifications – CISA, CRISC or equivalent (Highly Desirable) , Lead Auditors (ISO 27001)

Required Experience:

• Experience of working in crross multicultural teams accross multiple countries
• Security Professional that understand Security Compliance and posture
• Consulting experience an advantage
• At least 3 years’ work relevant experience
• At least 3 years’ experience in Technology Information Security Industry