Table of Contents
Risk Analyst Job Description
| Company | Phonepe |
| Industry | Digital Payments |
| Job Title | Risk Analyst |
| Qualification | Bachelor’s Degree in Computer Science, Information Security, Or A Related Field |
| Experience | Experienced |
| Location | Bangalore |
Risk Analyst Responsibilities
- Risk Assessment: Conduct thorough risk assessments for mobile and web applications, prioritizing vulnerabilities and security risks. Develop effective mitigation strategies based on potential impact, likelihood, and business context, providing actionable recommendations within set timelines.
- Vulnerability Management: Maintain the Vulnerability Management Lifecycle in alignment with organizational standards and industry best practices. Analyze scan results, prioritize vulnerabilities, and collaborate with development teams to coordinate timely remediation efforts.
- Mitigation Strategies: Work closely with development teams to define and implement effective mitigation strategies for identified vulnerabilities. Assist in designing and implementing secure coding practices and application security controls.
- Security Awareness: Provide guidance and training to development teams on risk assessment methodologies, vulnerability management best practices, and secure coding principles. Foster a culture of security awareness and proactive risk management.
- Reporting and Documentation: Maintain detailed records of risk and vulnerability assessments, as well as mitigation efforts. Generate clear and concise reports and documentation for stakeholders, including management, development teams, and auditors.
- Collaboration: Collaborate with cross-functional teams, including developers, quality assurance engineers, and IT personnel, to ensure security considerations are integrated throughout the software development lifecycle.
- Continuous Improvement: Stay updated on emerging security threats, vulnerabilities, and industry trends. Identify opportunities to enhance vulnerability management processes and risk assessment methodologies.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Proven expertise in risk analysis, vulnerability management, and application security, with a focus on mobile and web applications.
- Familiarity with various vulnerability scanning tools, penetration testing methodologies, and risk assessment frameworks.
- Comprehensive knowledge of application security principles, secure coding practices, and common software vulnerabilities like those outlined in OWASP Top Ten.
- Strong analytical skills for effective risk assessment and prioritization.
- Proficient communication abilities to articulate technical concepts to both technical and non-technical stakeholders.
- Understanding of regulatory compliance standards such as GDPR, HIPAA, and industry security frameworks like NIST and ISO 27001, which is advantageous.
- Possession of relevant certifications like CEH, CISSP, CISM, or CISA is beneficial.
- Self-motivated with the capability to work independently and collaboratively within team environments.
About company
PhonePe, India’s foremost digital payments company, boasts a vast network with 500 million registered users and 37 million merchants, covering over 99% of postal codes nationwide. Building on its leadership in digital payments, PhonePe has diversified into financial services including insurance, mutual funds, stockbroking, and lending, alongside innovative tech-enabled ventures like Pincode for hyperlocal shopping and Indus App Store, India’s pioneering localized App Store. The PhonePe Group comprises a portfolio of businesses that align with the company’s vision of providing every Indian with equal opportunities for progress by facilitating the flow of money and access to services.