Function Specific Responsibilities
Conduct controls testing activities in areas such as Incident Management, Disaster Recovery, Management, Cryptography, Network Security and Identity & Access Management
Periodic review of new and existing controls from a design point of view
Evaluate and assess the effectiveness of IT & Cyber controls in remediating associated risks in an accurate, complete and transparent way
Be responsible for the testing progress for the assigned controls and update senior audiences about the progress and results
Understand and evaluate relevant IT & Cyber risks and controls designed to mitigate these risks to a level acceptable by IT management
Ensure the quality, integrity, and completeness of data related to clients and related parties in various independence systems of the firm. Support engagement teams in complying with independence policies.
Lead all internal and external audits for the account
Lead Risk and Control assessment (RCA) for various accounts by performing Risk assessment, Controls design and Control assurance.
Analyze information security impact when evaluating any change due to technology or business requirements.
Proactively investigate risk events including deep dives to identify issues arising.
Help ensure that the various elements of the risk management framework are embedded and operating efficiently across all accounts.
Maintain control master data for changes to underlying business processes, systems, etc.
Work with the Control Owner on ineffective controls and coordinate action tracking
Oversee attestation/certification processes
Local RACE/Tickit expert
Subject matter expert for risks, control objectives and controls specific to the function
Customer
Use of customer insights to provide direction for business initiatives
Ensure best practice customer initiatives are adopted and applied
Provide exceptional customer service to internal and external customers within company guidelines, regulatory obligations and SLAs
Ensure all confidential information is handled in accordance with company and partner protocols and procedures
Ensure high levels of customer relationship management are maintained
Communication
Ensure all contact and interactions are of the highest standards, communicating clearly and appropriately to all stakeholders
Collaborate and provide regular reporting and updates with key stakeholders across
Ensure all communication is in line with the delivery of our Brand Promise to all stakeholders
What you’ll bring
Skills, qualifications & experience
CISSP, CISA, CISM, CRISC, CIPP, or similar industry certification(s)
Deep knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR)
Experience with managing GRC products and implementations, including developing relevant business, technical, and data requirements
Experience in complex, matrixed environments and experience navigating a constantly changing business
Strong communication and organizational skills and experience distilling complex risk data into impactful messaging for non-technical leadership teams
Program and project management experience with process and organizational change implementation
Self-starter, experience working independently and as part of a team
Strong analytical, research, and problem-solving skills with a keen attention to detail
Desired Candidate Profile
Minimum 10 years of experience in Information and Physical Security, Internal Audit, Data Privacy, or other Governance, Risk & Compliance fields
Practical experience in implementing IT risk frameworks, controls, and methodologies
Experience discerning business relevant risk associated with technology control deficiencies
Experience in the areas of risks and controls across various IT platforms
Experience with interpreting and implementing data privacy and protection regulatory requirements at scale
Experience moving technical or business driven projects from inception to delivery, and experience articulating the impact using metrics