Profile sought (Male/Female)
● Assist in defining the organisation's technology risk appetite, in line with corporate risk
appetite and create a strategy to deliver a robust Cyber Risk Framework that enables
business while mitigating cyber risks
● Ensure risk acceptances and mitigation plans are in place as appropriate, with
business sign off and proactive management of risk governance
● Develop on-going technology risk reporting, monitoring key trends and defining
metrics
● Define and monitor Key Risk Indicators (KRIs) against technology risk appetite
● Prepare the Technology Risk report and track actions to reduce technology risk, and
present at Cyber Security Working Group meetings
● Monitor and report, for escalation, past-due risk mitigation activities
● Manage and archive key monthly artefacts for audit purposes
● Create a security governance framework that includes regular review of internal
security policies and procedures, technology control standards and applicable
regulatory guidelines.
● Identify and implement continuous improvement activities for Information Security
Governance, Risk Management and compliance
● Establish and maintain key relationships across the global organization and the
parent organization
● Work with technology function colleagues to assess and understand the impact of
technology risk on projects and Business as Usual activities
● Build and maintain a plan for continuous PCI DSS compliance.
● Global Publishing Company | International cybersecurity environment
● Ability to influence behavior to reduce risk and foster a strong technology risk
management culture throughout the organization.
● Experience of working as a governance, risk and compliance analyst, IT auditor or
security auditor in complex and diverse global environments.
● Proven understanding of current best practice approach to security risk and
assurance with the application of cybersecurity/IT control frameworks and standards
including but not limited to ISO27001, NIST, Cloud Security Alliance and PCI-DSS
● Ability to align risk processes across a diverse and complex business
● Solid technical understanding of Information Security key controls and continuous
improvement approaches
● Solid understanding and experience of PCI DSS compliance
● Solid experience applying or implementing risk assessment methodologies to ISO
27001 and other security frameworks and standards
● Broad knowledge of computer, networking and IT security systems including
operating systems, databases, Firewalls, SIEM, DLP and others
● Demonstrable proficiency in a wide range of information IT security domains
including Security Governance, Identity and Access Management, Technology
Access Controls, Threat management, Application Security
● Planning and prioritising multiple project work streams in response to developing and
changing Threat Intelligence, Compliance requirements and Risk appetite.
● Security processes review across the wider Global Product and Technology function
● Collaborating with the wider Cyber Security team and technology function
colleagues on new programs and initiatives
Educational Qualifications:
● Any of the following qualifications and certifications would be advantageous:
○ Degree in IT related subject
○ CRISC, CISM, CISA, CISSP
Global Publishing Company
Career development