Senior Cyber Assurance Analyst
- Perform security risk assessments and conduct related ongoing organizational compliance monitoring activities
- Identify cloud-related risks and their business impact
- Identify risk mitigation approaches (actions, phases, manual efforts, etc.)
- Determine that the correct governance measures and controls are in place to validate that identified cyber risks and vulnerabilities are prioritized correctly and remediated based on agreed SLAs
- Assess, measure and report findings on our key applications and on security and information assurance controls; identify and evaluate risks; understand business context and prepare reports and recommendations
- Work with all functional business areas to develop and maintain a corporate-wide BCP program that addresses business recovery and emergency response management
- Define, establish, and implement organizational information security processes to ensure business, regulatory, legislative and contractual requirements and obligations are met.
- Implement internal and external ISMS audit processes and the audit plan, and monitor the effectiveness of controls and corrective actions in cooperation with stakeholders across the organization.
- Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, SOC2 and other regulatory security audits.
- Coordinate external security audits, assessments and testing, as well as the development and implementation of remediation plans.
- Identify, assess, and monitor information security risks and recommend mitigation measures.
- Develop content, coordinate, and facilitate a comprehensive organizational information security awareness training program.
- Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.
- Develop, coordinate, and maintain information security policies, procedures and other security related documents.
- Analyze, map, and communicate information security requirements that derive from legislative and regulatory obligations in various jurisdictions.
- Continually improve and update knowledge to accommodate changes to the company's regulatory environment and needs.
Skills & Experience:
- Proven assurance experience across security governance, risk and compliance domain
- Proven experience of auditing IT systems
- Proven experience across business continuity domains
- Experience of assessing cloud environments
- Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts.
- Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities.
- Experience in leading ISO 27001:2013 certification and surveillance audits.
- Experience in leading and supporting information security risk assessments and risk management processes.
- Pro-active, self-motivated approach and ability to work independently within a global security team.
- Bachelor's Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.
- Professional certification (CISSP/CISM/CRISC and ISO 27001 Lead Implementer/Auditor or similar).
- At least 10 years of experience in Information Security.
- Experience working with cloud security and GRC tools
- Ability to share your specific expertise with the rest of the Technology group