The Role:
- Support and advise on Information Security Management System (ISMS) and associated controls;
- Support and advise on management of risk and provide a transparent view of risk posture to stakeholders;
- Support and advise on compliance with relevant control standards, regulation and audit requirements;
- Provide Information Security Risk Assessment function to the business;
- Responsible for the oversight and monitoring of risk in line with the ISMS;
- Collaborates with security and audit teams to ensure controls are operating in line with policies.
Key Responsibilities:
- Document and monitor risk and control environment to identify existing and emerging risks and issues;
- Evaluate and document issues related to changes in the risk environment and risk priorities;
- Identify and aggregate thematic risk related to findings and trends, e.g. regulatory preparedness, thematic concerns;
- Engage Internal Audit to discuss risk posture and audit inputs;
- Communicate heightened risk that is relevant to stakeholders and customers to ensure transparency and appropriate prioritization for remediation;
- Understand legal and regulatory obligations relevant to the product and how the processes and associated controls provide evidence of compliance;
- Partner with business stakeholders to respond to customers, external audit and regulatory requests for information;
- Educate and advise on security policy, standards and procedures;
- Manage and maintain external certification activities.
Required Skills, Qualifications, and Experience:
- Working within the technical financial services industry, or other highly regulated industries;
- Information security management, governance, and compliance principles, practices, laws, rules and regulations, e.g. NIST, ISO, NIS, DORA and GDPR;
- Information technology systems and processes, network infrastructure, data architecture, data processes and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration, e.g. CIS, CSF;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management, e.g. ITIL;
- Risk assessment and management methodology, e.g. NIST, ISO 27005;
- Security training techniques and reporting activities;
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and understanding security information related to internal and external organizations using online and other sources;
- Management of technology vulnerability and threat information;
- Security project management and planning;
- Risk management, information security and audit management lifecycles.