UK Risk Analyst – Information Security

ABOUT NICE inContact: NICE inContact makes it easy and affordable for organizations around the globe to provide exceptional customer experiences while meeting key business metrics. NICE inContact provides the world’s No. 1 cloud customer experience platform, NICE inContact CXone™, combining best-in-class Omnichannel Routing, Workforce Optimization, Analytics, Automation and Artificial Intelligence on an Open Cloud Foundation. NICE inContact is a part of NICE (Nasdaq: NICE), the worldwide leading provider of both cloud and on-premises enterprise software solutions. 

We are seeking an experienced security professional to join our Trust team and be an integral part of developing our Information Security program. Reporting to the Manager of IT Security and Compliance, this person will work closely with many parts of the business, including Trust, Legal, Service and Operations, and Finance. Their primary focus will be on assessing and communicating business risk and threats. As an Information Security Risk Analyst, you will also be involved in creating strategy and assisting with contractual service level agreements.

Provides technical guidance and risk acceptance/denial parameters to Legal team and Vendor Management team to provision bilateral security gates amongst customers, partners, and vendors. Provide data analysis to support, compile, report, and communicate key security information for indirect and direct client engagements. Responsible for documenting and sustaining the company approved Security Profile, Standard Information Gathering (SIG) solution and, working with our current and future customers on accepting our industry adopted and accepted SIG. 

Major Functions/Responsibility

 Contract Management

1. Receive draft contracts from various business owners, and review the purpose of the contract and any information that may be involved with the business owner
2. Responsible for analyzing, correlating, documenting, and providing recommendations for customer and vendor service level agreements.
3. Work directly with customers to translate complex commercial/legal scenarios into simple language and action/risk plans.

1. Conducting, tracking, and following up on customer contracts and vendor risk assessments
2. Maintaining the company information security risk registry
3. Assisting with corrective action plans associated with identified risks
4. Assisting with the development of assessment programs and questionnaires to aid in the identification and mitigation of third-party supplier security risks

8. Develop and manage relationships with stakeholders at all levels of the business and play a lead role in embedding a good compliance culture.

This job description is not intended to be all-inclusive, and employee will also perform other reasonable related business duties as assigned by immediate supervisor and other management as required.

This organization reserves the right to revise or change job duties as the need arises. This job description does not constitute a written or implied contract of employment.

Required Education, Experience, and Specific Job-Related Skills

Bachelor’s degree in Business, Information Systems, Information Security or related field or equivalent work experience required.

• 5+ years working in Risk, SaaS business or technology industry.

• Familiarity with security and privacy standards and regulations (E.g. GDPR, SOC II, PCI, ISO 27001/2)
• Knowledgeable of all aspects of business procurement functions.
• Excellent communication skills, both written and oral.
• Understanding of cybersecurity methods and technologies within applications and cloud environments.
• Ability to present