Job Description
Key Responsibilities: Corporate Client Security Management: Oversee security processes for corporate clients, including contract negotiations, managing security questionnaires, coordinating security audits, and addressing general security inquiries. Stakeholder Collaboration: Work closely with various stakeholders to handle security-related requests across the organization using the ticketing system, ensuring efficient response and resolution. Exception Process Management: Lead the implementation and ongoing management of the Information Security Exception process to ensure policy adherence and risk mitigation. Third-Party Security Audits: Assist in developing the third-party audit framework, facilitating security audits and risk assessments for external partners in line with the established framework. Security Roadmap Enhancement: Play a key role in the continuous improvement of the information security roadmap, contributing to the maturity of internal processes. Cross-Department Collaboration: Partner with various departments to document, implement, and maintain security controls, ensuring procedures are in place and effective across the organization. Security Awareness & Incident Response: Support the company's security awareness program and assist in investigations related to phishing incidents and other security breaches. Skills and Qualifications: Educational Background: Bachelor's degree in Computer Science, Information Security, Business, or a related field. Experience: Minimum of 4 years in information security or auditing roles. Certifications such as CISSP, CISM, CISA, or ISO 27001 are highly preferred. Risk & Security Controls Knowledge: Strong understanding of risk management practices and information security controls, including infrastructure security, access management, vulnerability management, and cloud security. Regulatory & Compliance Expertise: Familiarity with compliance regulations, IT security frameworks, and industry standards such as ISO 27001, NIST, PCI-DSS, and COBIT. Audit & Risk Assessment Experience: Proven experience conducting security audits and risk assessments, with a focus on minimizing information security risks. Data Protection & Privacy: Desirable knowledge of data protection regulations and GDPR compliance. Leadership & Influence: Demonstrated leadership skills with the ability to influence and engage stakeholders at all levels across the organization. Communication Skills: Excellent verbal and written communication skills, with the ability to simplify and communicate technical information to a non-technical audience. Self-Motivated: A proactive, self-motivated individual who excels in both team-oriented and independent working environments. Morgan McKinley is acting as an Employment Agency and references to pay rates are indicative. BY APPLYING FOR THIS ROLE YOU ARE AGREEING TO OUR TERMS OF SERVICE WHICH TOGETHER WITH OUR PRIVACY STATEMENT GOVERN YOUR USE OF MORGAN MCKINLEY SERVICES. Skills: ISO 27001 NIST PCI-DSS COBIT CISSP CISM