Job Description :
Musts
Bachelor''s degree in Information Systems or equivalent work experience of a minimum of 5 years as an information security risk management practitioner, preferably in the financial, consulting, and/or global organizations
Prior work experience of risk management disciplines, security policies and standards, technology risk assessment, and third party supplier risk process and requirements
Current or previous experience with risk assessment methodologies and conducting risk analysis in a regulated environment or related IT audit background
Knowledge of security and control frameworks, such as ISO 27002, NIST, CobiT, COSO and ITIL; and other regulatory compliance
Experience with implementation of information security best practices for key areas such as access control, data protection, systems development life cycle, and cloud services
Professional certification in risk management, and/or audit is preferred (e.g., CISSP, CRISC, CISA, or CISM)
BUSINESS EXPERIENCE
Proven ability to work with and across all levels of the organizations and navigate organizational boundaries
Excellent organizational, interpersonal and communication skills with strong written, oral, and presentation skills; both delivery and creation of presentations (must be able to distill complex topics into
simple concepts)
Ability to effectively communicate with technical and executive audiences and develop and maintain strong peer/client/customer relationships underpinned by a service oriented approach to work
Adept with time management, tasks and projects prioritization, and multi-tasking
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
High degree of initiative, attention to detail, follow-up skills, deliver on commitments, dependability and ability to work with little supervision
Demonstrated problem-solving skills and capability to drive process improvements
Highly proficient with Microsoft Office Suite especially Excel and PowerPoint; and SharePoint administration.
Wants
Information security risk management, risk assessments, reporting, & tracking; strong interpersonal & communications skills
Demonstrate broad competency and understanding in a variety of IT security areas:
Security Policy / Standards Development and Management
Assist with documenting security policies, standards, standard operating procedures and guidelines based on the organization''s requirements, maturity level, and compliance objectives.
Risk Management
Perform internal and external risk assessments, generate risk reports/updates, tracking progress of remediation efforts.
Security Awareness & Communications
Facilitate and distribute communications to various audiences to promote about GRC Unit''s objectives and goals.