
This job posting is no longer available. Below are several job offers similar to the posting you were looking for.

3 jobs available

Current search
principal third party risk management analyst
Post Office
Cyber Compliance Analyst
Post Office
Cyber Security Compliance Analyst

Summary:
Salary: Competitive
Grade: 3B
Contract Type: Permanent
Location: London
Reporting to: Senior Cyber Security Compliance Manager
Division: IT

The Purpose of the Role

Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensuring alignment with the controls in our GRC tool. They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards.

Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and the underlying components of running an ongoing security awareness campaign. The Cyber Security Compliance Manager will be accountable for planning the annual security awareness campaign as well as executing the associated communication plan.

The Cyber Security Compliance Manager is also responsible for managing third party assurance. They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required. For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary. In addition, they will be independently required to support and provide advice to ongoing projects running in the Post Office and support reviews of external suppliers.

Some technical experience and good knowledge of Cyber security and Information Assurance are required. Flexibility within this role is essential due to the diverse nature of Post Office's business. Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential. As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team.

The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance. This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance.

Principal Accountabilities

• Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied. These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers.
• Manage changes in modifying the scope of the ISMS based on the business needs, providing our clients, partners, and suppliers assurance of our security governance.
• Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales.
• Conduct cyber risk assessments, both rapid and in depth, for third parties, depending on business needs.
• Lead and maintain the mitigation plans for the various third parties that ensure compliance with POL policies and standards.
• Conduct contract reviews for ongoing and new suppliers.
• Relationship management with leaders of other functions and business units.
• Manage and deliver the ongoing Security Awareness Campaign and define value through metrics, both for the back office and within the branches.
• Support business areas in developing a positive security culture.
• Be visible to Post Office staff and stakeholders and regularly activities to build trust with people involved in security, demonstrate insight, knowledge and add value.
• Escalate issues to the Head of Cyber Security Compliance.
• Support supplier reviews and internal Post Office projects, which will feed into the supplier management framework to assess suppliers against a maturity scale.

Qualifications, Experience & Skills

• Experience in cyber security, information security, IT security or similar area.
• Qualifications such as CISM, CISA, CISSP, CRISC are desirable.
• Experience conducting external security reviews, risk assessments and assurance reviews.
• Experience creating treatment plans and reporting on findings.
• Experience conducting contract reviews.
• Understanding of cyber security threats, vulnerabilities and their impact in systems and various environments within the organisation.
• Deep understanding of security controls' standards such as ISO27002, NIST CSF, COBIT, etc.
• Strong Information Security knowledge (preferably with at least 5 years of experience).
• Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity.
• Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices.
• Experience of implementing a security awareness and culture change programme.
• Excellent communication and report writing skills.
• Experience at the organisation and management of meetings.
• Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organization.
• Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term.
• Self-starter with positive proactive attitude and able to work collaboratively.
• Organised and structured in approach.
• Excellent team-working skills.
• Diplomacy and tenacity.
• Report writing.

About Post Office

The Post Office has thrived at the heart of high streets and local communities across the UK for over 370 years. As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously. We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together.

We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs. That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails. And we're improving our online and in-store experience for customers. We know that our customers never stop changing, so neither will we. We're here, in person, for the people who rely on us.

Our Ways of Working underpin everything we do; they are the "How" of our business strategy. They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals. By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation. In short: Working in partnership, as one team, we deliver amazing results!

The Post Office embraces diversity and inclusion in the workplace and actively promotes working without discrimination. We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.
01/04/2023
Full time
Request Technology - Craig Johnson
Principal GRC Governance Analyst
Request Technology - Craig Johnson Chicago, Illinois
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*

Prestigious Financial Institution is currently seeking a Principal GRC Governance Analyst. Candidate supports the Security Services Department and will regularly liaise with Compliance, Enterprise Risk Management, Internal Audit, and Regulators. This person is responsible for driving information security initiatives related to regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Additionally, this role will lead the development, review and publication of policy, procedures and controls for the Security Services Department in support of the NIST Cyber Security Framework. Candidate will also focus on compliance with applicable regulatory and legal rules and requirements (i.e. SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information security.

Responsibilities:

• Responsibilities include the development, review and continuous improvement of the Security Services Department policies, procedures, and controls to enhance risk control environment.
• Recommendation of appropriate reporting frameworks, standards and best practices.
• Assist with remediating regulatory and Internal Audit findings, including collecting data to identify root cause of problems, identifying trends, formulating solutions, and escalating potential issues related to the life cycle of remediation activities including, but not limited to:
    • Management responses
    • Development of appropriate action plans
    • Delivery timeline tracking
    • Gathering and review of appropriate evidence artifacts
    • Providing feedback to responsible SMEs regarding appropriateness of evidence artifacts
    • Development of documentation for closure
• Act as supporting point of contact from Security Services to senior management in Compliance, Internal Audit, Enterprise Risk Management, Legal and the Enterprise Project Management Office.
• Lead development, implementation, review and improvement of right-sized management self-testing of controls.
• Lead Information Security Cyber Security Working Group Program efforts.
• Act on Security Services' behalf related to compliance matters, including developing and implementing strategies for strengthening the Security Services compliance posture.
• Manage Security Services responses to Third-Party requests and surveys.
• Perform ad-hoc duties for Security Governance management as necessary.

Qualifications:

• Broad knowledge of applicable regulatory, legal rules and requirements (e.g. SEC, CFTC, Federal Reserve Board, etc.) as they pertain to Information Security.
• Sound knowledge of and experience working with Security and Technology authoritative industry standards and control frameworks (e.g. NIST CSF, NIST 800-53, CIS 20, COBIT, COSO, ITIL, ISO 27001, CSA CCM, etc.).
• Strong understanding of information technology and risk management concepts.
• Strong experience in Information Security related policy, procedure and control writing.
• Sound knowledge of Cloud implementation and Cloud compliance strategies including for data, information, application, platform, and network security as well as control design and implementation for cloud including NFR development and definition.
• Understanding of Systems Development Life Cycle (SDLC) process (Agile) and Secure Software Development Lifecycle.
• Ability to work independently and as a member of a team, proficient in collaborating with internal business clients from different departments and at various levels of seniority.
• Proficient in gathering, analysing, and evaluating facts and preparing/presenting concise oral and written Compliance related data analysis and reports.
• Excellent organizational, written and oral communication skills.
• Proficiency with Microsoft Office Suite, including Word, Excel, and PowerPoint.
• Experience using an integrated risk management system (such as RSA Archer Suite) a plus.
• Business Intelligence tool experience (i.e. Tableau) a plus.

Education and/or Experience:

• Bachelor's degree - Computer Science, Management Information Systems, Business, or related field or the equivalent combination of education and/or relevant experience.
• 5 or more years hands-on Information Security or EGRC related work experience.
• Previous work in Compliance, Audit, Risk Management, Project Management or control activities in the financial services industry.
• Professional network and/or security certifications a plus (i.e. GIAC, CISSP, CISA, CISM, CRISC etc.).
29/03/2023
Full time
