Senior Info Sec Analyst (Governance, Risk and Compliance)

Before you apply to a job, select your language preference from the options available at the top right of this page.

Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.

Job Description:

Information Security @UPS

Information Security Risk Management has always been and shall continue to remain a top priority for UPS Leadership.

UPS’ Information Security organization oversees all information security issues for UPS's business operations. The InfoSec organization establishes security policies and standards, makes sure UPS is compliant with security regulations, and maintains security controls designed to prevent accidental, unauthorized, or unlawful access, destruction, disclosure, alteration, or loss of UPS’s information assets and infrastructure.

The UPS InfoSec organization is headed by the Chief Information Security Officer (CISO), who reports directly to the Chief Digital and Technology Officer (CDTO).

Information Security GRC team is an integral part of the CISO org at UPS and is responsible for the following assurance activities - Customer Assurance Vendor Assurance Regulatory Assurance and Systems Assurance. In addition, the GRC team is responsible for maintaining Information Security Policies, Standards and Security Awareness initiatives and provides advisory services.

Job Summary

This role will remain part of EMEAI (Europe, Middle East, Africa and India) Information Security team and will be based in India.

The Senior Information Security Analyst role conducts Security Risk Assessments on Applications / Systems with an aim to determine the effectiveness of security controls, identifies risks and control gaps and provide an independent assurance to the leadership. This position collaborates with other IT and non-IT functions enabling them to operate in a risk aware environment.

The role shall conduct Information Security Assessments on Vendors who process UPS or UPS Customer Data based on industry standard security frameworks such as SIG, CAIQ, NIST 800:53 or ISO27001. The role will also conduct negotiations with the Vendors to sign Information Security Agreements, as addendum to contracts.

In addition to responding to Customer RFPs on Information Security, the role will provide SME support for any Customer Assurance Audits representing the interests of UPS and shall also engage in the review and negotiation of the standard Information Security clauses in any agreements with Customers.

The role will collaborate with other teams such as Privacy and Aviation Security to ensure appropriate responses are provided to Information Security / Cyber Security related compliance questionnaire to Regulators responsible for cyber regulations such as NIS 2 and EU 2019/1583.

The role must be able to work independently with little supervision or oversight.

The role must maintain a current knowledge of emerging technologies and cyber / privacy regulations.

The role must act as a trusted advisor to the IT, Privacy, and other business teams.

Professional Experience/Skills

Experience / expertise in areas such as the following:

• Conducting Information Security Assessments to comply with various industry standards including working knowledge of cyber & privacy regulations such as GDPR in addition of expertise in standards such as ISO27001 and NIST 800:53 / NIST 800:171
• Information Security Risk Management and related processes.
• Fundamentals on one of more of the following areas: Security Operations, Security Architecture & Engineering, IT Networking, IT development and Cloud technologies.

The candidate must be a strong communicator and be a teamplayer with an ability to convey technology risks in a comprehensible business lanugage. 

Education

The Senior Information Security Analyst will possess a degree in computer science engineering or in domains such as information technology, Cyber Security, Information Systems or its equivalent.

Certifications

The candidate must possess one or more of the following certifications or their equivalent:

• CISA or CISM or CISSP or Cloud Security or equivalent
• Any additional technology related certifications will be an added advantage.

This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.

Employee Type:Permanent

Employee Type:
 

UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.