it risk Analyst - grcEclaro

Assignment Detail Industry: Information Services Job Description Title: Information Security Sr advisor CORE ACCOUNTABILITY Reporting to the Director, GRC Information Security, and as a member of the Information Security team, the incumbent will Assignment Detail Industry: Information Services Job Description Title: Information Security Sr advisor CORE ACCOUNTABILITY Reporting to the Director, GRC Information Security, and as a member of the Information Security team, the incumbent will act as an Information Security specialist and will contribute to the identification, development, implementation, maintenance and oversight of information security policies, procedures, and processes across the organization in order to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical and personal risk. PRIMARY RESPONSIBILITIES Contribute to the definition and the implementation of the corporate information security strategy aligned with the CMA CGM strategic vision and plan. Conduct information security risk assessments across the organization in order to ensure that key risk issues are understood, communicated, and tracked on the risk register. Ensure operational recommendations stemming from information security risk assessments are followed with the risk owner. Define information security key performance indicators that will ultimately be reported to executive management. Plan and coordinate the security awareness program to support continuous training on security related topics. Perform security risk assessments which define, identify and classify critical assets, assess threats and vulnerabilities regarding those assets, and provide safeguard recommendation. Assist client's Business and support functions with the implementation of security recommendations stemming from security risk assessments. Contribute to the definition of policies, procedures, programs and processes to implement the security strategy across the organization and to ensure ongoing maintenance and audit of information security. Contribute to the definition of security control framework and audit requirements to monitor the effectiveness of the security policies, procedures and management framework, including the involvement of third-parties. Ensure the cyber incident response handbook is maintained up-to-date; contribute to incident responses planning as well as the investigation of security breaches. Coordinate security related processes encompassing physical protection, premises access, asset protection and digital security. Represent Information Security within working groups for various projects or initiatives to ensure that information security requirements are communicated and respected. On a regular basis, keep abreast of industry relevant information security trends and risks. Collaborate with the Enterprise Risk Management group to provide relevant Information Security risk information. PROFESSIONAL REQUIREMENTS Education Bachelor's degree in Computer Science or Commerce (major/specialization in Information Systems is considered an asset) Relevant professional designation: CISSP, CISM, CISA, CRISC, or CGEIT Experience A minimum of ten years of relevant professional experience Experience in an information security position or IT risk position Previous experience in matrixial international organizations, and financial sector or equivalent, an asset Knowledge and skills Strong experience in information security governance, consultative stakeholder management, and strategic planning Deep understanding of information security framework processes and best practices Demonstrated consultative approach to driving change and deploying controls Strong facilitation skills and clear ability to build strong relationships with stakeholders at all levels Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion Bilingual (French/English) an asset - written and oral communication skills, able to explain complex matters in understandable form to general business professionals Strong work ethic, professional integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgement and maturity Knowledge of technological trends and developments in area of information security and risk management Proactive, hardworking, team player and results oriented Flexible and adaptable to change Knowledge of information security and risk framework such as NIST CSF, NIST 800-53, ISO 27001 and ISO 27005 or COBIT v5
Monster

Philippines
Permanent
Full-time