Cybersecurity Governance consultant
| Remote Valencia (Spain | Full time |
If you like this offer, please send your CV mentioning the job title to: email@example.com
Location: Remote (Offshore)
Teleworking option: Yes
On-call requirements: (to be determined)
Main Duties and Responsibilities
Under the direct supervision of Lead, Cyber security Operations withinthe close collaboration with the Information Security Services team members in Clients and Projects to perform the following duties:
• Under the direct supervision of Lead, Cyber security Governance: –
• Develop, implement and monitor strategic, comprehensive enterprise information security and IT risk management programmes to ensure that the integrity, confidentiality and availability of information is managed and controlled by client organizations.
• Provide regular reporting on the current status of the information
security program to senior management and business units as part of a strategic enterprise risk management program.
• Implement governance programmes including an information security steering committee or advisory board.
• Create, communicate and implement process for risk management,
including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts.
• Create and manage information security and risk management
awareness training programmes for all employees, contractors and
approved system users.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and
dissemination of security policies and practices.
• Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
• Coordinate information security and risk management projects. Provide strategic risk guidance for IT projects.
• Manage security incidents and events to protect corporate IT assets,
including intellectual property, sensitive data and the organization’s
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Develop and oversee effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
• Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organization maintains an appropriate security posture.
• Manage information security specialists and consultants
• Perform other related duties and fulfil responsibilities as required.
Knowledge and Skills:
•Ten (10) years or more of progressively responsible professional experience in information technology and/or related area, including at least five years (5) working in information security.
•Experience in medium/complex size projects
•Experience in managing / working in large ICT programmes.
•Experience in producing technical documentation including user requirement documents, proposals in response to project requirements
•Experience in drafting processes and procedures documentation.
•Experience in working with Microsoft office tools and Microsoft Project.
•University degree (Bachelors’ degree) or equivalent experience in computer science, information systems, mathematics, statistics or related field.
•Certification in CISM, CRISC, CGEIT, CISSP.