Job Description
- Delivery of Security GRC management and processes that align with the Security Strategy.
- Creation, implementation, and monitoring of information security policies, processes, exceptions, and change management request assessments, in order to automate and continuously monitor information security controls, risks, testing, and incidents.
- Develop and maintain a risk register and risk management framework.
- Performing end to end IT solutioning/workflow risk assessment to identify potential risks and propose mitigation solutions.
- Schedules regular assessments and testing of the effectiveness and efficiency of controls, and creates security metrics and dashboards.
- Ensuring that requirements in PCI Standards, IT Audit, Security Standards, Policy, Compliance and Risk controls are met.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, laws and regulations.
- Responsible for managing Third Party Risk management (review of NDAs, SLAs, SOC Type II reports).
- Performs and investigates internal and external information security risk and exception assessments.
- Coordinate with Infrastructure and business systems Teams to implement identified controls, policies, and procedures.
- Develop information security awareness materials to be sent to all corporate employees.
- Remains current on best practices and technological advancements and acts as the corporation’s technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.
- Manage the ISMS and security standards (PCI DSS…) scope as well as strategic expansion across the globe.
- Support the management of information security governance for the organization, ensuring adherence to policies and standards.
- Work closely with the CISO to ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
- Coordinate periodic security assessment and prioritize and manage response activities.
- Work closely with the Information Security Operations team; assist the CISO in providing oversight and challenge to the First Line of Defense team.
- Assist with updating the Third-Party Risk Management framework including policy, procedures, due diligence questionnaires and the monitoring of third parties’ adherence to information security and data privacy obligations.
- Assist with the client management aspects of the Information Security team, including client and potential client questionnaires; help design a more effective process including a self-service process and a library of standard responses.
- Develop relevant metrics, analyze data, identify trends and help drive improvements to the control environment.
- Assist the CISO in GRC and general information security issues as required, including interaction with the Security Operations team, Technology teams and business leaders.
Technical Skills:
- Experience leading an ISMS as part of an ISO 27001 certified program.
- Experience leading a PCI compliance and certification program.
- Recent experience of working in a similar capacity in a financial services organization.
- Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations.
- Relevant industry certification (e.g. ISO 27001 Lead Auditor, CISSP, CISM, etc.) highly desirable.
- Broad level of knowledge of security and risk issues and techniques across platforms.
- Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
- Ability to understand and assess technology systems and applications from both a technical and business function perspective.
- Ability to communicate business and technical risk to all levels of audience.
- Ability to present security topics to a non-technical audience.
- A good understanding of IT networking and access management concepts.
- Knowledge of Information Security Risk management processes & assessment (ISO27005, NIST).
- Strong demonstrated knowledge of Business Continuity Plan and Disaster Recovery Plan.
Job Requirements
- Bachelor’s degree in Engineering, computer science or equivalent
- 5+ years of relevant experience required
- Security or relevant IT certification is a plus
- Experience implementing security policies and procedures within a multinational organization is a MUST.
- Familiarity with Third Party Risk Management, External and internal Audit.
- Good communication skills