Buenos Aires C.F.
Job Description: Under the direction of the Cyber Security and Assurance (CS and A) team, the Information Security Risk Specialist role will partner with Digital Technology Services (DTS) and business teams to assess risk and validate that the appropriate controls are in place for information systems and that they are working effectively and efficiently. The role also has responsibility for developing, maintaining, and monitoring security documentation such as policies, standards, and procedures. It is critical that this role can communicate technical concepts in a way that is easily understood, as well as be able to effectively assess and communicate business risk and the cost/benefit of implementing compliance solutions.
Successful candidates possess detailed knowledge of risk assessment methodology, control requirements, and evaluation techniques. Work involves coordinating and performing risk assessments to evaluate compliance with relevant internal control requirements and external standards and regulations. Additionally, as the expert in risk and controls, this person will provide consulting services and education to the organization's management and staff.
Oversees the planning, execution, and management of multi-faceted projects related to compliance, control assurance, risk management, security, and infrastructure/information asset protection. Provides strategic and tactical direction and consultation on information security and compliance. Maintains an up-to-date understanding of industry best practices. Ensures policies, procedures, standards, and system configurations are documented and tracked, and monitors compliance with each. Develops processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation. Facilitates information security risk analysis and risk management processes and identifies acceptable levels of residual risk. Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps. Participates in the development and maintenance of a global risk framework (a single view of the company's risk profiles and tolerance). Captures, maintains, and monitors information security risk in one repository. Provides reports to leaders regarding the effectiveness of information security and makes recommendations for the adoption of new policies and procedures. Coordinates all IT internal and external assessment components. Ensures recovery drills are performed. Analyzes recovery drill performance and recommends changes to the plan, as needed. Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
Assists in the development and delivery of IT risk and security awareness and compliance training programs. Monitors internal and external policy compliance, ensuring both vendors and employees understand cybersecurity risk management policies and that they operate within that framework.
Bachelor's degree and/or 8+ years' professional experience with 3+ years' IT audit/compliance experience. 5+ years' experience in conducting risk assessments. Proven understanding of risk assessment methodologies, frameworks, and procedures such as NIST Cyber Security Framework, NIST SP 800-53, COBIT, and ISO 27001. Experience in data protection security and its functional components. Strong written and oral communication skills. Ability to effectively interact globally with all areas and levels of the organization, such as legal, marketing, and business operations. Knowledge of the security domains of security engineering, IAM, asset/network/data security, software development, assessment, testing, and operations.
Show the company your skills: fill in the form and add a personal touch to your cover letter. It will help the recruiter choose a candidate.