COMPANY PROFILE:
WHO WE ARE LOOKING FOR:
The position will be primarily responsible for implementing, coaching, and improving an integrated risk, compliance and security management system.
The management system enables the IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement.
The Risk and Compliance Specialist's responsibilities include supporting teams to drive all their risk, compliance and security requirements ensuring they deliver and sustain compliant and secure products & platforms meeting the business risk appetite.
YOUR KEY RESPONSIBILITIES:
- Ensure ongoing compliance with the Group policies and procedures for information security and support key business initiatives by identifying security and compliance related risks.
- Design and/or conduct security risk assessments.
- Maintain the risk management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.), including implementing tools and processes to support an integrated Risk, Compliance & Security Framework.
- Provide guidance and support to business and IT teams in implementing by design the required IT compliance in their solutions to meet the desired level of compliance maturity.
- Assist and collaborate with internal and external Auditors, tracking and following up all IT audits, internal review or regulatory findings as corrective & preventative actions.
- Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system.
- Support the Security Risk and Compliance team in developing and maintaining the IT Security documentation (policies, guidelines, standards, templates, training materials, etc.)
- Prepare compliance reports and status reports, identify issues, and report to senior management.
- Communicate to senior management, through reports, presentations, metrics and other documentation, any cyber-security risks identified.
YOUR KEY COMPETENCES AND QUALIFICATIONS:
- 5+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
- Strong experience with Governance, Risk, and Compliance tools and technology
- Strong technical experience in security or technology risk assessment, with proficiency in a risk management framework and the ability to assess administrative and technical controls
- Proven ability to develop risk management strategies that align with business goals and protect the confidentiality, integrity and availability of information systems and data
- A demonstrated practical, real-world, collaborative approach to problem solving with the ability to make sound decisions and accept accountability for results.
- Ability to understand and interpret regulatory requirements and the business implications, assess risks and provide concise business-focused advice.
- Excellent verbal and written communication skills, with the ability to convey technology and security concepts to management
- Strong problem-solving and follow-up skills, along with excellent attention to detail
- The ability to work independently and multitask effectively to successfully manage projects in a diverse, project-oriented environment
- Master's Degree in Computer Science, Engineering, Information Systems Management, Information Security, or other related fields
- Experience with various security & compliance frameworks and requirements including NIST, ISO 27001, COBIT, SOC 2, etc.
- CISSP, CISA, CISM and/or other comparable certifications.