As an Information Security GRC Specialist, you will define, lead and manage the governance, risk, and compliance (GRC) initiatives within our organization. You will ensure that information security policies and procedures exist and are applied, and you will evaluate the organization's level of risk and its compliance with applicable security laws and regulatory directives.
This role also involves continuous monitoring and reporting on the effectiveness of our GRC initiatives, as well as staying up to date with the latest industry trends and regulatory changes. The role is critical in fostering a culture of compliance and risk awareness across the organization.
KEY RESPONSIBILITIES
Governance
- Develop and maintain policies and procedures to ensure compliance with regulatory and internal requirements.
- Develop and maintain business continuity and disaster recovery plans.
- Propose and coordinate initiatives to improve IT security and produce reports analyzing the effectiveness of these projects.
- Propose and/or revise employee training programs on information security.
- Monitor and report on the effectiveness of GRC initiatives.
Risk
- Produce periodic risk assessment reports on IT systems.
- Perform security risk and compliance assessments on new and existing systems, processes and technology.
- Recommend and coordinate the implementation of controls and remedial actions needed to reduce risks related to IT systems, and monitor and evaluate their effectiveness.
- Develop and maintain a risk register including exceptions.
- Manage third-party risk assessments.
Compliance
- Lead internal audits and compliance reviews and coordinate with external auditors and regulatory bodies.
- Establish and maintain management of cybersecurity controls compliance in accordance with international standards (e.g. NIST, ISO/IEC 27001, ISO/IEC 22301, COBIT).
- Collaborate with internal departments to integrate regulations and technologies that minimize IT security risks.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
SKILLS & RELEVANT WORK EXPERIENCE
- 5+ years working experience in information technology
- Minimum 2 years in information security on risk, policies and compliance
- Bachelor’s degree or equivalent combination of education and experience
- Experience with IT governance, risk, and compliance management in a complex environment
- Familiarity with ISMS and security frameworks, particularly ISO 27001/27002 and NIST RMF
- Good knowledge of a risk management methodology for dealing with risks within organizations
- Strong understanding of fundamental information security concepts and technology
- Significant experience with legal and regulatory compliance standards such as GDPR
- Strong background in Risk & Control, Audit & Compliance
- Strong work ethic with attention to detail
- Ability to communicate security issues to peers and management
- Experience with IT GRC platforms is a plus
- Industry certifications such as CISM, CRISC or CISA are strongly preferred