Our client, Malta's leading IT services provider, is looking to recruit a Senior Information Security (GRC) Specialist. As an Information Security (GRC) Specialist you will be responsible for implementing, maintaining and improving the controls, processes and audits that the client's information security programmes require.
Develop and maintain client’s Information Security related policies, procedures, and work instructions.
Ensuring the continual improvement of the client's ISMS, PCI DSS and GDPR programmes
Assisting with the design of information security processes, policies, and procedures
Performing periodic audits of key security controls and processes to ensure their operating effectiveness
Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the client’s security posture and security maturity.
Maintain and improve the security education, training, and awareness framework.
Performing information security risk assessments
Maintain the client's Security Risk Register and liaise with other relevant parties within the organization
Contributing to the ISMS Committee
Providing advice on ISO27001, PCI DSS and other relevant compliance standards
Participate in regulatory audits and assist Legal and Compliance teams as may be required.
Assist teams in supplier onboarding risk assessment process
Manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility.
Perform assignments from beginning to end (identification of risks, controls, weaknesses, recommendations, best practices, sampling, reporting, etc.)
Identify significant risk exposures relating to control processes and make appropriate recommendations.
Perform IT audit action item follow-ups on previously raised findings.
Establish and maintain relationships with internal departments as well as third parties/vendors
You have been working for an auditing company in the field of IT audit/IT advisory for at least 2 years, or have comparable experience in industry (e.g. IT compliance, ISO27001, ITIL, IT security).
Bachelor’s degree in Information Systems, Computer Science or a relevant area.
Good understanding of ISO27001 and SOC requirements
Knowledge of the GDPR
Ideally, you have certifications such as CISA or CISSP