VMware Senior Analyst, Information Security Risk Management in Palo Alto, California

Posting Title

Information Security Risk Management Senior Analyst

Job Description

The Information Security Risk Management Senior Analyst will be a key member of the team responsible for identifying and managing information security risks to VMware. The Senior Analyst should ensure that VMware’s systems, information and physical assets are adequately protected, while providing visibility to Management of the control status and top risks on an ongoing basis.

This individual will work closely with all the Business, IT and other verticals in Information Security Group located at VMware’s offices throughout the globe. The Data Sr. Analyst must possess initiative and drive and have broad relevant technical knowledge for a cloud based environment. Good management expertise and excellent written and verbal communication skills are also key attributes for the position

The Information Security Risk Management Senior Analyst will report to the Senior Manager, Information Security Risk Management.


  • Identify and manage information security risks to VMware’s

  • Assist in the enhancement of risk assessment questionnaires to align with risk appetite, regulatory requirements and enterprise risk framework

  • Conduct annual risk assessments throughout VMware to assess risk management maturity of the organization

  • Establishes & maintains risk management processes to enable accurate risk reporting and effective reduction of residual risk through eGRC solution

  • Collaborate with Business and IT teams to ensure proper risk identification and mitigation of critical risks

  • Collaborates with other internal teams to ensure the risks from 3rd parties are mitigated to acceptable levels

  • Assist other information security activities as required

  • Works effectively as part of a geographically distributed team

Required Skills

  • Minimum 10 years of experience in Information Security with at least 8 years of experience in information security risk management

  • Exposure and hands on experience on risk assessment methodologies, create & maintaining risk databases, risk treatment and mitigation activities

  • Experience with working single handedly with multiple internal IT, Business teams and partners

  • Advanced knowledge of key information risk management and security related standards including OWASP, ISO 2700x series, PCI-DSS, Data Security and Privacy Acts and NIST standards

  • Experience in assisting an organization certified in ISO 27001

  • Strong understanding of application, network, operating system and core infrastructure security concepts

  • Experience in working with project teams to identify projects risks and risks due to introduction of new applications

  • Experience in assessing risks associated with a vendor relationship prior to the renewal of contract agreements

  • Experience in reporting top risks to the Senior Management

  • Proactive and detail orientated team player

  • Capable of working cooperatively with a leadership team working in a challenging, dynamic and global environment

  • Experienced in a dynamic, fast-paced environment with rapidly changing business needs

  • Skilled at preparing risk reports for all levels within the company

  • Bachelor’s degree in Computer Science or related discipline

  • Security certifications like ISO 27001 / 31000, CISSP, CISA, CISM, CRISC or equivalent certifications


Palo Alto, California, USA

VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.