Description:
- Develop and maintain client’s Information Security related policies, procedures, and work instructions.
- Ensuring the continual improvement of client’s ISMS, PCI DSS and GDPR programmes
- Assisting with the design of information security processes, policies, and procedures
- Performing periodic audits of key security controls, processes, and audits to ensure operating effectiveness
- Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the client’s security posture and security maturity.
- Maintain and improve the security education, training, and awareness framework.
- Performing information security risk assessments
- Maintain the client’s Security Risk Register and liaise with other relevant parties within the organization
- Contributing to the ISMS Committee
- Providing advice on ISO27001, PCI DSS and other relevant compliance standards
- Participate in regulatory audits and assist Legal and Compliance teams as may be required.
- Assist teams in the supplier onboarding risk assessment process
- Project-manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility.
- Perform assignments from beginning to end (identification of risks, controls, weaknesses, recommendations, best practices, sampling, reporting, etc.)
- Identify significant risk exposures relating to control processes and make appropriate recommendations.
- Perform IT audit action item follow-ups on previously raised findings.
- Establish and maintain relationships with internal departments as well as third parties/vendors
Requirements:
- You have been working for an auditing company in the field of IT audit/IT advisory for at least 2 years or have comparable experience in industry (e.g. IT compliance, ISO27001, ITIL, IT security).
- Bachelor’s degree in Information Systems, Computer Science or a relevant area.
- Good understanding of ISO27001 and SOC requirements
- Knowledge of GDPR Law
- Ideally, you have certifications such as CISA or CISSP