Job Description:

• GRC Lead 8+ years of experience in IT Risk management Audit and compliance.
• Strong understanding of ISO 27K controls annexures and implementation strategies.
• IT security assessment processes, including audit, vulnerability scanning, and security policy and standards review, emphasizing managing IT security policies and standards.
• ISO 27001, NIST 800-53, experience to help in third party security risk assessment efforts.
• Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.
• A strong sense of customer service and attention to detail.
• Ability to work independently, setting goals and priorities.
• ISO 27001 LA/ LI certification Bachelors Degree in related discipline (Computer Science, Information Security)

Technical Details

• Review of Supplier technical documentation.
• Demonstrated skill in establishing and maintaining cooperative working relationships.
• Performing assessment on vendor documentation, review and analysis.
• Identifying and measuring the risk associated with vendor security controls.
• Documenting and keeping track of risks and recommendations based on the vendor's lack of control Co-ordinating and performing vendor reviews.
• Knowledge of Cloud-based technologies such as IaaS and Saas solutions, emphasizing information security control and data protection requirements.
• Comprehension of the risks that exist in a business and security environment comprised of multiple global geographies and suppliers.
• Minimum two years recent experience performing information systems audit or information security reviews Experience performing security audits against published standards.
• ISO 27001, NIST 800-53, experience to help in third party security risk assessment efforts.