Senior Risk Analyst

As a Senior Risk Analyst at Anthology, you will be a valuable part of the Information Security team, reporting to the Senior Director of Information Security Governance, Risk & Compliance (GRC). Your primary responsibilities will include: - Owning the development and continued maturation of Anthologys security and privacy risk management program - Reviewing and evaluating Anthologys corporate and product security and privacy risks by assessing the effectiveness and adequacy of internal management controls, and recommending control enhancements - Performing assessments of new programs and projects to determine the information security risk(s) and applicable security controls needed for mitigation - Providing guidance to business stakeholders for 'security by design' by validating requirements before Go-Live, defining risks, recommending mitigations, registering risks, and following up on remediation progress - Executing structured risk assessments of key applications focusing on compliance with company policies, frameworks, and standards - Conducting risk assessments on processes or specific issues, defining risks, and proposing mitigation actions - Ensuring compliance with policies and standards while providing transparency on compliance status - Creating security awareness and educating internal stakeholders on risk management methodology - Keeping abreast of relevant international legislation, emerging threats, policies, and risk management developments - Collaborating with other security risk management teams, Corporate IT, data privacy office, and internal audit functions Qualifications required for this role include: - Minimum of 5 years of relevant experience in information security risk management, with a focus on assessments/audits - Knowledge and experience with security standards and frameworks like ISO, NIST, CIS - Ability to translate IT threats and vulnerabilities into business risks - Experience in a global organization with the ability to work in complex, international environments - Proficiency in written and spoken English - Effective project management skills - Experience with cloud technologies such as AWS and Azure Preferred skills and qualifications include: - Experience in a global organization with the ability to navigate complex, international work environments - Familiarity with the Center for Internet Securitys Risk Assessment Methodology (CIS-RAM) - Relevant industry certifications (e.g., CRISC, CISM, CISA, CISSP, CCSP) - Experience with project management tools - Ability to document security-related policies or procedures - Quick adaptation to new technologies and skills Please note that this job description may not cover all responsibilities and duties required for the role. Anthology is an equal employment opportunity/affirmative action employer that values diversity and inclusion in the workplace. As a Senior Risk Analyst at Anthology, you will be a valuable part of the Information Security team, reporting to the Senior Director of Information Security Governance, Risk & Compliance (GRC). Your primary responsibilities will include: - Owning the development and continued maturation of Anthologys security and privacy risk management program - Reviewing and evaluating Anthologys corporate and product security and privacy risks by assessing the effectiveness and adequacy of internal management controls, and recommending control enhancements - Performing assessments of new programs and projects to determine the information security risk(s) and applicable security controls needed for mitigation - Providing guidance to business stakeholders for 'security by design' by validating requirements before Go-Live, defining risks, recommending mitigations, registering risks, and following up on remediation progress - Executing structured risk assessments of key applications focusing on compliance with company policies, frameworks, and standards - Conducting risk assessments on processes or specific issues, defining risks, and proposing mitigation actions - Ensuring compliance with policies and standards while providing transparency on compliance status - Creating security awareness and educating internal stakeholders on risk management methodology - Keeping abreast of relevant international legislation, emerging threats, policies, and risk management developments - Collaborating with other security risk management teams, Corporate IT, data privacy office, and internal audit functions Qualifications required for this role include: - Minimum of 5 years of relevant experience in information security risk management, with a focus on assessments/audits - Knowledge and experience with security standards and frameworks like ISO, NIST, CIS - Ability to translate IT threats and vulnerabilities into business risks - Experience in a global organization with the ability to work in complex, international environments - Proficiency in written and spoken English - Effective project managemen