Senior Cyber Assurance Analyst - Telecom

Senior Cyber Assurance Analyst

- Perform Security Risk assessments and conduct related ongoing organizational compliance monitoring activities

- Identifying cloud-related risks and related business impact

- Identifying risk mitigation approaches (actions, phases, manual efforts, etc.)

- Determining that correct measures of governance and controls are in place to validate identified cyber risks and vulnerabilities are prioritized correctly and remediated based on agreed SLA's

- Assess, measure and report findings of our key applications and security and information assurance controls identify and evaluate risks; understand business context and prepare reports and recommendations

- Work with all functional business areas to develop and maintain a corporate wide BCP program that addresses business recovery and emergency response management

- Define, establish, and implement organizational information security processes, to ensure business, regulatory, legislative and contractual requirements and obligations are met.

- Implement internal and external ISMS audit processes, audit plan, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization.

- Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, SOC2 and other regulatory security audits.

- Coordinate external security audits, assessments and testing as well as remediation plans development and implementation.

- Identify, assess, and monitor information security risks and recommend mitigation measures.

- Develop content, coordinate, and facilitate a comprehensive organizational information security awareness training program.

- Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.

- Develop, coordinate, and maintain information security policies, procedures and other security related documents.

- Analyze, map, and communicate information security requirements, that derive from legislative and regulatory obligations in various jurisdictions.

- Continually improve and update knowledge to accommodate changes to the company's regulatory environment and needs.

Skills & Experience :

- Proven assurance experience across security governance, risk and compliance domain

- Proven experience of auditing IT systems

- Proven experience across business continuity domains

- Experience of assessing cloud environments

- Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts.

- Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities.

- Experience in leading ISO 27001:2013 certification and surveillance audits.

- Experience in leading and supporting information security risk assessments and management process.

- Pro-active, self-motivated approach and ability to work independently within a global security team.

- Bachelor's Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.

- Professional certification (CISSP/CISM/CRISC and ISO 27001 Lead Implementer/Auditor or similar).

- At least 10 years of experience in Information Security.

- Experience working with cloud security and GRC tools

- Ability to share your specific expertise to the rest of the Technology group