Risk Analyst

At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.

At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role.

**Want to be a part of our team?**

Support the Global Data Center organisation’s governance, risk management, compliance, internal audit, external audits & certification management activity across the APAC countries and Singapore.Support the Director of GRC & APAC Data Center Management in the implementation, maintenance, monitoring & reporting of the Global Data Center organisation’s GRC & ISMS management systems, and internal audit activity across APAC countries and SingaporeSupport, maintain and monitor all relevant data center certifications & external audits (Example: ISO27001, PCIDSS etc) across APAC countries and Singapore**Working at NTT**

The Senior Associate Analyst: Compliance and Data Protection is a global position that supports the orchestration of information security governance, risk and compliance activities for NTT Ltd.

This role supports the business and helps protect the reputation of NTT Ltd by taking responsibility for aligning IT security with business security, ensuring that information security is effectively managed in all service and business activities within this role’s remit.

The primary focus for the Senior Associate Analyst: Compliance and Data Protection role is to help ensure the establishment and maintenance of the security compliance programme and therefore the relevant processes and controls to monitor compliance practices to avoid breaching laws, regulations, policies, contractual and other security obligations.

**Responsibilities**
- Assist with the review of service level and business requirements to develop service methodologies and an information security policy, assessments and methodologies which define security controls relevant to the service and operational requirements
- Interpret information security policies, standards, and other requirements as they relate to a specific internal information system, and assist with the implementation of these and other information security requirements
- Help identify potential risks, incidents and problems before they occur
- Log major service requests for ISM transition including the related sub tasks as follows (but not limited to):

- Review requirements for Security service levels and security controls
- Review customised security policy
- Review access management and operational security management practices
- Identify, classify and record problems for all recurring issues and incidents to determine their root cause and assist with ensuring that reported incidents and problems are solved and proactively reviewed to ensure the development of remedial action
- Document the learnings (what's gone well and what could have been done differently) from the compliance reviews and work on improving the processes
- Assist with the proactive management of risk and update, as well as contribute to the maintenance of a “Risk Register”
- Assist with the provision of information to senior management on risk issues and assist with the provision of a treatment plan to manage these
- Ensure that all relevant information regarding risk is accurate and kept up to date and document progress against activities identified in the risk management plan and provide regular reports on problem status
- Leverage security and risk-related systems including but not limited to:

- Vulnerability management
- Endpoint protection
- Log management/SIEM
- Assist with the implementation of new security tools and provide technical assistance with the initial set-up, secure deployment, and proper management of systems that support information security including malware detection systems, spam filtering systems, content control software systems, web site blocking systems, intrusion detection systems, intrusion prevention systems, and privilege account management systems
- Identify current and emerging technology issues including security trends, vulnerabilities and threats
- Hands-on knowledge of information security technologies such as security design review, threat modelling, risk analysis, and software testing techniques
- Identify opportunities and drive the implementation of automation
- Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through controls implementation
- Help ensure compliance with applicable data security laws, regulations, certifications and customer requirements
- Deliver the design and operation of related security controls and improvement ac