Senior Information Security (GRC) Specialist

Location Malta
Discipline: Technology
Contact name: Samrudhi Manghate

Contact email: [email protected]
Job ref: 15699
Published: over 1 year ago
Our client Malta's leading IT services provider looking to recruit Senior Information Security (GRC) Specialist. As an Information Security (GRC) Specialist you will be responsible for the implementation and maintenance of controls, processes and audits required for the implementation, maintaining and improving. 
 

Description:

  • Develop and maintain client’s Information Security related policies, procedures, and work instructions.
  • Ensuring the continual improvement of client’s ISMS, PCI DSS and GDPR programmes
  • Assisting with the design of information security processes, policies, and procedures
  • Performing periodic audits of key security controls, processes, and audits to ensure operating effectiveness
  • Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the client’s security posture and security maturity.
  • Maintain and improve the security education, training, and awareness framework.
  • Performing information security risk assessments
  • Maintain client’s Security Risk Register and liaising with other relevant parties within the organization
  • Contributing to the ISMS Committee
  • Providing advice on ISO27001, PCI DSS and other relevant compliance standards
  • Participate in regulatory audits and assist Legal and Compliance teams as may be required.
  • Assist teams in supplier onboarding risk assessment process
  • Project Manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility.
  • Perform assignments from beginning to end (identification of risks, controls, weaknesses, recommendations, best practices, sampling, reporting, etc.)
  • Identify significant risk exposures relating to control processes and make appropriate recommendations.
  • Perform IT audit action item follow-ups on previously raised findings.
  • Establish and maintain relationships with internal departments as well as third parties/vendors
 

Requirements:

  • You have been working for an auditing company in the field of IT audit/IT advisory for at least 2 years or have comparable experience in industry (e.g. IT compliance, ISO27001, ITIL, IT security.)
  • Bachelor’s degree in Information Systems, Computer Science or a relevant area.
  • Good understanding of ISO27001 and SOC requirements
  • Knowledge of GDPR Law
  • Ideally, you have certifications such as CISA or CISSP