Information Security Analyst
- Bengaluru, Karnataka, India
Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do: Our VisaNet network processes over 13,000 transactions per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.
“Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.”
3P technology Risk Management leads risk management activities around third parties for VISA.
Members of this team work across a number of stakeholders who work with third parties to ensure appropriate processes, procedures and controls are adequately designed, implemented or remediated to meet VISA Key control requirements and mitigate any risks that are associated to with third parties. The success of this unit requires dedicated professionals who posses the analytical, feasibility, relationship and executive summary skills needed to form highly reliable risk management strategies to meet various Visa Inc. requirements along with compliance and regulatory requirements. As a Lead Project Manager within 3P technology risk management you will be responsible for providing Risk Management advice under GIS for 3P related matters. Responsibilities of the Technology Risk Operations Senior Information Security Risk Analyst
An in-depth understanding of the broad regulatory landscape impacting VISA business
areas. Remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
Assessing the impact of laws and regulations on VISA systems and technology. Work with other risk
organizations to shape organizational control policies and standards.
Manage large scale risk/security assessment studies and projects to validate and remediate
perceived risks. Perform interviews, document design assessments, and walkthroughs of key controls (both new and existing).
Lead cross-functional remediation teams in developing processes using requirements gathered from
clients and engineering.
Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks; and submitting assessment findings and recommendations
Design sustainment strategies and measurement systems to ensure that risk management techniques and strategies can continue to be maintained over time.
Support IT multi-year planning process by providing program and project descriptions, estimated costs and risk justification data.
Develop and nurture trusted relationships with Business Partners, VISA IT Executives, Security
& Compliance Officers and other Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.
Knowledge and understanding of emerging technologies including but not limited to mobile
Knowledge of risk management for emerging technologies.
3-5 years audit and risk management experience that includes a broad understanding of the software
delivery process, professional services consulting and/or program management.
3-5 years experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies.
3-5 years of progressively responsible management experience in the following areas: planning, budget/forecast/financial management, and staffing
Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to financial industry
Demonstrated ability to manage implementations of large-scale, complex, multi-disciplined,
cross-functional and highly visible projects/programs.
In depth knowledge of:
Current information security and compliance vendor landscape
Control frameworks such as COSO
Regulatory requirements in particular PCI-DSS, GLBA, FFIEC
Ability to direct and lead cross-functional, cross-vendor teams
Must be experienced in Project Management Methodologies and experienced in mentoring less experienced project personnel
Certified Information Security Auditor/Manager (CISA/M) designation or CISSP
Excellent communicator with strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options
Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
Proven experience proposing enterprise level solutions to mitigate risk
- Support Third Party Technology Risk Management Team in Vendor Compliance, on site assessments and monitoring of vendors
- Work closely with Finance (supplier Risk Management Team)