Guardian Life Insurance Company Looking for Lead IT Risk and Compliance-1 at Gurgaon, Haryana Full Time

Job Description:
The Senior Third Party Risk Analyst is responsible for project administration, tracking, monitoring and response coordination on Policy, Operational Risk assessments, Internal Audit, Third Party Risk Management and regulatory compliance items. He/she will report directly to the officer responsible for Operational Risk & Resiliency in the company’s Operational Risk Office, a division of the company’s Corporate Finance area.

Qualifications:
Position Objective: • Perform monitoring activities for privileged access and service accounts • Assist in sensitive data discovery project (securing folders) • Create/collect/compile metrics for IT Security Council • Perform testing on non-production environments to ensure data is masked/de-identified • Determine automation and improvement opportunities to current processesMajor Opportunities and Decisions: (Describe the more difficult and/or complex challenges or opportunities and decisions faced in doing work, improving processes or meeting customer needs. Where must position focus to be successful?) – Detail and accuracy in all manual processes and reporting – Project Management skills, for timely completion of tasks. – Organizational skills to manage the artifacts that feed into the workflow. – Customer service skills, to schedule and follow-up data owner’s participation. – General technical understanding of the interrelationships and security requirements of the various components under review. Principal Accountabilities: (List 6-8 major areas of responsibilities in order of importance, and purpose of these activities. In addition, identify percent of time normally spent and whether the activity is an essential or minor function.) Based on the focus areas highlighted above, the following matrix expands upon these activities. Please note that the % of time varies to where the Project is within its relative Project Life Cycle. Accountability Activity Daily QA review of privileged access usage – Run reports in Splunk daily for Privileged Access activity – Search Guardian Service Center (ticketing system) for related tickets – Compile any violations to send to onshore resource for violation notifications Daily monitoring of service account usage – Use daily Splunk reports for Interactive Service ID usage activity – Windows, Unix, and Database – Search Guardian Service Center (ticketing system) for related tickets – Compile any violations to send to onshore resource for violation notifications Business Analysis for unstructured data – Review reports from Varonis Sensitive Data Discovery tool to determine location of targeted sensitive data types, and security groups applied to those locations. – Use existing reports to assign ownership to those directory locations. – Follow up with data owner to determine whether data can be removed or moved to secure location Collect and Create Risk and Controls metrics for IT Security Council – Collect data/Run reporting in GSC, Splunk, StealthAudit, etc. – Create metrics tables and graphs. – Compile metrics into PowerPoint to send to onshore resource for validation and stakeholder notifications/follow ups Test Data Masking Validation (Compare non-prod to prod to ensure that non-prod environments are probably masked) – Filtering of MAL data extracts on Privacy Data – Engaging subject matter experts to complete current state posture of test data masking templates – Ability to analyze and identify risks where data not de-identified – Compile any identified risks to send to onshore resources for creating risk entries within Archer – Ability to validate risk remediation with SME’s through data compares – Track and monitor open applications reviews, communicate non-compliance and ensure remediation plans in place and monitored Process Improvement/Automation – Identify opportunities for automation of current activities – Develop scripts/code to enhance workflows Education and Experience: (Identify types and length of education and experience needed to acquire the necessary skills and knowledge to accomplish the desired end results.) Education: Education: – BS / BA in Computer Science or related field or equivalent experience is desired. Experience: – Minimum 3-5 years of experience in IT – Able to be available during US business hours for owner communications – Strong Communication skills and command of English language. – Strong MS Excel skills in formulas and graph creation/manipulation – Strong Business Analyst Skills – Familiar with Windows (Active Directory) and user access/permissions. – Familiar with Windows User Administration using Active Directory Users and Computers (ADUC) tool. – Familiar with Windows Fileshares – Ability to analyze and update data from reports. – Understanding of basic project management – Familiar with test data masking standards and guidelines preferred – Familiar with Master Application List preferred – Knowledge of US HIPPA, PII, and SSNs for sensitive data discovery preferred – Basic knowledge of Security: configuration, malware, phishing, etc is a plus – Experience in writing scripts and/or programming a plus

Location:
This position can be based in any of the following locations:
Gurgaon