Senior Analyst, Information Security Risk Management

VMware

Palo Alto, CA

11 - 15 years

Posted 265 days ago

This job is no longer available.

Job Description
The Information Security Risk Management Senior Analyst will be a key member of the team responsible for identifying and managing information security risks to VMware. The Senior Analyst should ensure that VMware’s systems, information and physical assets are adequately protected, while providing visibility to Management of the control status and top risks on an ongoing basis.

This individual will work closely with all the Business, IT and other verticals in the Information Security Group located at VMware’s offices throughout the globe. The Data Sr. Analyst must possess initiative and drive and have broad relevant technical knowledge for a cloud-based environment. Good management expertise and excellent written and verbal communication skills are also key attributes for the position.

The Information Security Risk Management Senior Analyst will report to the Senior Manager, Information Security Risk Management.


  • Identify and manage information security risks to VMware’s
  • Assist in the enhancement of risk assessment questionnaires to align with risk appetite, regulatory requirements and enterprise risk framework
  • Conduct annual risk assessments throughout VMware to assess risk management maturity of the organization
  • Establishes & maintains risk management processes to enable accurate risk reporting and effective reduction of residual risk through eGRC solution
  • Collaborate with Business and IT teams to ensure proper risk identification and mitigation of critical risks
  • Collaborates with other internal teams to ensure the risks from 3rd parties are mitigated to acceptable levels
  • Assist other information security activities as required
  • Works effectively as part of a geographically distributed team

Required Skills

  • Minimum 10 years of experience in Information Security with at least 8 years of experience in information security risk management
  • Exposure to and hands-on experience with risk assessment methodologies, creating & maintaining risk databases, risk treatment and mitigation activities
  • Experience with working single-handedly with multiple internal IT, Business teams and partners
  • Advanced knowledge of key information risk management and security related standards including OWASP, ISO 2700x series, PCI-DSS, Data Security and Privacy Acts and NIST standards
  • Experience in assisting an organization certified in ISO 27001
  • Strong understanding of application, network, operating system and core infrastructure security concepts
  • Experience in working with project teams to identify project risks and risks due to introduction of new applications
  • Experience in assessing risks associated with a vendor relationship prior to the renewal of contract agreements
  • Experience in reporting top risks to the Senior Management
  • Proactive and detail orientated team player
  • Capable of working cooperatively with a leadership team working in a challenging, dynamic and global environment
  • Experienced in a dynamic, fast-paced environment with rapidly changing business needs
  • Skilled at preparing risk reports for all levels within the company
  • Bachelor’s degree in Computer Science or related discipline
  • Security certifications like ISO 27001 / 31000, CISSP, CISA, CISM, CRISC or equivalent certifications

Job ID R183427