IT Risk & Compliance Specialist

Job Description

br> Employment Type : Full Time, Permanent Work mode : Onsite Job description As an IT compliance manager, you are part of the information security team. This team is responsible for the full breadth of information security at GIV, from defining GIV s information security policy to providing operational services that help keep GIV secure. We re looking for a new colleague that will be responsible for the 2nd line of defense in Information Security. You ll work with Operating Company teams, Global IT colleagues and partners to support them on applying GIV s Information Security policy, ensuring provable compliance and management of related risks. Of course you are not alone in this, in this role you can rely on colleagues responsible for IT policy and assurance and business risk audit to support you. Job Responsibilities: Improve Information security 2nd line of defense role at Global Infovision (GIV), in overseeing risk and monitoring of IT and IS related first-line-of-defense controls in our Operating Companies/markets. Conduct periodic internal compliance reviews / audits to assess and enhance the effectiveness of the information security management system of operating com panies/markets, adhering to ISO 27001 standard. Ensure compliance with regulatory requirements and industry best practices. Perform gap analysis to evaluate the effectiveness and compliance of operational processes with our corporate security policies and guidelines ; and provide recommendations to identify areas for improvement, with proposed remediation Provide guidance to our colleagues located globally in becoming compliant with our control frameworks. Prepare comprehensive audit reports, highlighting findings and recommendations for improvement. Technical Abilities and Responsibilities: Bachelor s degree in Information Technology, Cybersecurity, or a related field. Certified Lead Auditor in ISO 27001:2013 or 2022 standard. At least 5 years of experience in conducting internal audits and implementing information security best practices. Strong understanding of information security principles, controls, and frameworks. Basic understanding and some experience in Third-Party Risk Management (TPRM) is preferred but not mandatory. Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams. Able to prepare concise reports for senior management, including C-level Proficiency in relevant tools and technologies related to information security auditing. Functional Attributes: Good command of the English language Excellent analytical skills Ability to operate in a matrix organization Self-starting and self-supporting Ability to manage a team without direct reporting lines Hands-on Service-oriented Likes to work in an international environment with different cultures IT Risk Security Analyst result driven