GRC Security Expert
Qualifications:
Experience in leading ISO 27001:2013 and/or PCI DSS audits - from gap analysis, design, implementation to coordinating external audits.
Previous experience conducting compliance assessments (ISO27001, PCI DSS etc.).
IT security or information security experience with a proven ability to engage with business, IT and external auditors.
Knowledge of technical infrastructure, networks, databases and systems in relation to security aspects.
Expert project management skills.
Business process expertise.
Excellent written skills - ability to plan, design, write, edit and review documents in compliance with organizational, legislative and regulatory requirements.
Strong soft skills - ability to communicate and build working relationships with multiple teams, within the Information Security Department and across the organization, at a professional level, to promote awareness and understanding of relevant security aspects and requirements in each domain.
Information Security certificates (e.g. CISM/CISSP/ISO27001 Lead Auditor/Implementer) are an advantage.
Tasks:
Serve as a project manager/lead in security audits and projects.
Manage and assess security risks across the company's environments and recommend remediation and corrective actions.
Promote and develop awareness for different security risks and best practices across the company.
Address inquiries from internal and external audits and inspections.
Develop security documentation that meets different regulatory requirements including ISO27001, PCI-DSS.
Manage security risk analysis and implement mitigation measures.
Facilitate security/risk training curriculum.
Recommend security enhancements and solutions.
Conduct technical security compliance checks.
Manage RFP responses in all security matters.
Document security processes, policies, procedures and other security-related documentation.