Job Description
- Work closely with the Head of Risk & Compliance and senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery;
- Provide input into the design and implementation of standards, policies, guidelines and appropriate architectural principles to ensure the firm’s cyber security goals continue to be met;
- Provide risk-based direction in conjunction with IT Services for future system enhancements in line with the firm’s overall strategy;
- Recognise potential opportunities for enhancing the firm’s security, ensuring minimal impact to practitioners;
- Provide subject matter expertise to support business relationship management functions.
- Act as Data Protection Officer, ensuring systems and the information within them comply with current and future (as far as is known) requirements.
- Ensure Ogier has an effective Data Classification process in place
- Ensure Ogier has an effective data retention and archiving process in place
- Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meet agreed standards within Ogier.
Technology Risk Assurance
- Have responsibility for scoping penetration testing activities to identify security weaknesses within Ogier's technology environments;
- Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level;
- Analyse information protection technologies and processes to identify technology security weaknesses;
- Lead ongoing risk assessments of data processing systems to confirm the design of logical controls is effective and meets regulatory and legal requirements; and
- Provide quality reports to summarise test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences.
- From the output of the reports, provide suggested approaches for further enhancement.
Job Requirements
- Preferred industry qualifications - CISSP / CISA / CRISC / SABSA
- ISACA Certified Information Manager;
- Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies;
- Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security);
- Strong technical abilities, combined with business acumen;
- Ability to present security topics to a non-technical audience and present the business value of security;
- A good understanding of IT networking and access management concepts;
- Ability to understand and assess technology systems and applications from both a technical and business function perspective;
- Ability to communicate business and technical risk to all levels of audience;
- Excellent interpersonal skills with the ability to build and influence teams; and
- Self-motivated.