Senior Information Security Risk Specialist
Our client is an exciting global MNC and Fortune 500 company operating in 220 countries.
They have an opening for a Senior Information Security Risk professional to join their CISO office team.
- Key member of Information Security team providing GRC expertise to global teams across the company.
- Provide a strong focus on governance by conducting security assessments to ensure information assets are secured-by-design and secured-by-implementation.
- Deliver expertise on the company's information security target model, security frameworks and industry best practices by addressing threats and vulnerabilities, identifying countermeasures, remediating instances of non-compliance to security controls and reducing risks to acceptable levels, with the end goal of ensuring information assets remain secure at all times.
- Measure the effectiveness of the security program, highlighting security trends and providing senior management with actionable security information.
- Work with third parties to ensure their service offerings remain secure at all times, and comply with internal security policy and external regulatory requirements.
- Provide customers with security assurance.
- Support the organisation-wide security strategy.
- Conduct security control assessments, threat and vulnerability assessments, risk and reward analyses.
- Provide expert advice to information asset owners on addressing threats and vulnerabilities, and identifying appropriate countermeasures.
- Actively engage in efforts to remediate instances of non-compliance to security controls, deficiencies in security control implementations and elimination/reduction of risks to acceptable levels.
- Prepare information security metrics and reports that give management visibility into the company's overall information security posture, assisting the leadership team in making informed decisions on cybersecurity items.
- Coordinate and support internal and external audit activities related to information security.
- Provide governance over risk exceptions ensuring these are correctly assessed, approved, and periodically reviewed.
- Manage customer security assurance activities which include responding to security assessments, RFIs, questionnaires. Review security provisions in customer contracts.
- Work with third parties to assess and ensure their compliance with the company's Information Security Code of Practice. Review security provisions in third party contracts.
- Provide security consultation and recommendations for global projects.
- Administer tools used by the team to perform security assessments, risk exceptions and metrics reporting.
- Provide input to the design and development of management practices and solutions. Enhance current team processes and maintain relevant documentation.
- Keep abreast of information security developments in the industry (including but not limited to emerging technologies, new tools and solutions, evolving threat landscape, current and upcoming regulations), leveraging emerging trends to enhance information security controls, and addressing potential problems before they become issues.
- Support implementation of the company's information security program. Work with global, regional and country stakeholders to support the program.
WHAT WE NEED FROM YOU
- Degree level or equivalent
- Information security certification (e.g. CISSP, CISM, CISA, CRISC, CGEIT or equivalent experience) is an advantage
- 6 - 8 years' experience in an information security role
- 3 - 5 years' experience in conducting security control assessments and threat and vulnerability assessments
- Solid experience in evaluating security controls and providing guidance to remediate issues
- Strong grasp of information security principles and knowledge of key technology concepts
- In-depth understanding of security frameworks
- Experience in administering and using the RSA Archer GRC platform and Kibana is an added advantage
- Excellent stakeholder management skills that will enable you to work with peers across various levels of the organization with varying security exposures and technical aptitudes
- Proven influencing and problem resolution skills
- Good written and oral communication skills, able to effectively communicate key risks, findings and recommendations to key stakeholders
- Highly organized and able to manage competing priorities
- Good problem-solving skills, adept at simplifying complex security issues
- Self-starter, has initiative, able to work independently but also a strong team player
If interested, please contact email@example.com
(EA Reg no: R1440978)
Company Reg No.: 201131609D, Licence No.: 11C4684