Job Description

Role : Senior Cyber Security Risk Analyst Location : Chennai / Bangalore (India) Work Mode : Hybrid About Pearson: Our purpose: At Pearson we \'add life to a lifetime of learning\' so everyone can realise the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. Pearson was founded in 1844 and has been built on our ability to grow with and adapt to a constantly evolving market. Our 20,000+ employees are dedicated to creating high-quality, digital-first, accessible and sustainable resources for lifelong learning. About Pearson\'s Chief Information Security Office Pearson\'s Chief Information Security Office (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program for protecting the confidentiality, integrity and availability of information assets and technologies from threats and vulnerabilities. We are composed of 4 key pillars: Security Operations, Security Engineering and Architecture, Posture Management, and Governance, Risk and Compliance. About the Job: You will be a key member of CISO\'s Governance, Risk and Compliance pillar, and will be required to form strong partnerships with all CISO pillars and key stakeholders across Pearson Digital and Technology and the Business Divisions. You will contribute to the innovation and transformation of Pearson\'s Security Risk and Compliance programme, with a focus on promoting a culture of risk identification quantifying risk using industry standard methodologies, interpreting security policies and standards, providing guidance to the business about cost vs benefit of risk mitigation options, as well as providing governance oversight of risk remediation activities. You will be responsible for, but not limited to, the following: Conduct control checks against policies and standards within both technology environments and business processes. Conduct risk assessments of applications, platforms, and processes ensuring that risks are appropriately quantified, communicated, and managed. Prepare business friendly information security risk reports that cuts through both technical and business audience. Ensure risks are kept up to date to reflect changes in vulnerability and threat landscapes. Manage risk mitigation and remediation plan with accountable risk owners. Implement and maintain ISO27001 standards, PCIDSS, SOC-II Accreditations, Cyber Essentials and provide routine status reports. Support cybersecurity assurance activities, ensuring reviews are scoped accordingly and resulting actions are managed to resolution. Review regulatory requirements and ensure they are mapped to the security controls. Develop metrics and measurements to demonstrate adherence to security frameworks. Provide management reports on governance and organisational risk posture. Review technical solutions to verify they comply with regulatory requirements and the target architectures. Develop subject matter expertise on regulatory requirements that impact Pearson. Key Skills & Experience: Experience within the Cyber Security field, with a focus on Governance, Risk, Compliance and Assurance. Relevant professional cyber security qualifications (e.g., CISSP, CISM, CRISC, CCSP, CEH). Demonstrable expertise working with common information security management frameworks, such as ISO/IEC 27001/2, NIST 800-53, NIST CSF, CIS Top 20, CIS benchmarks. Excellent verbal and written communication skills, with experience communicating with a wide range of audiences including technologists, executives, and business stakeholders. Demonstrable experience within the design, implementation, and management of systems and/or assurance frameworks. Highly analytical and a critical thinker, with strong problem-solving skills. High degree of initiative, dependability and thought leadership. Desirable Skills & Experience: Degree in Cyber Security or a related subject, such as Information Technology. Experience in enterprise IT, system technology, infrastructure, cloud and / or hosting. Experience working in a similar sized organization. Knowledge of relevant legal and regulatory requirements, specifically US, UK, and EU. Experience governing Payment Card Industry Data Security Standards (PCI DSS) compliance within eCommerce is a bonus. Diversity: At Pearson we value the power of an inclusive culture and a strong sense of belonging. We promote a culture where differences are embraced as strengths and opportunities are equal and accessible. How to apply: Thank you for your interest in applying for a role at Pearson. Please submit an updated CV and cover letter (optional) in English. If you have any additional questions or require further information, please do not hesitate to reach out to us. We look forward to receiving your application. What to expect from Pearson Did you know Pearson is one of the 10 most innovative education companies of 2022 At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson. We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive. Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities. To learn more about Pearson\'s commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson. If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing [HIDDEN TEXT]. Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.

foundit