Senior IT Governance, Risk & Compliance Specialist
- Place of work: Remote work
- Wage (gross): From 3 500 EUR/monthfinal monthly basic salary is based on candidate´s professional experience, skills and knowledge *
- Contract type: full-time
Job description, responsibilities and duties
- Implements IT security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
- Evaluates IT risks and develops security standards, procedures, and controls to manage risks. Improves PCC’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting personal data
- Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the College.
- Remains current on best practices and technological advancements and acts as the College’s technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.
- Evaluates IT risks and develops security standards, procedures, and controls to manage risks. Improves PCC’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting personal data
- Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the College.
- Remains current on best practices and technological advancements and acts as the College’s technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.
Company on whose behalf the position is being filled
Financial consultancy, intermediation of financial services and insurance
Top employer with great atmosphere and benefits.
Top employer with great atmosphere and benefits.
Requirements for the employee
Required education
Secondary with school-leaving examination
Follow-up/Higher Professional Education
University education (Bachelor's degree)
University education (Master's degree)
Postgraduate (Doctorate)
Follow-up/Higher Professional Education
University education (Bachelor's degree)
University education (Master's degree)
Postgraduate (Doctorate)
Language skills
English - Upper intermediate (B2) or Slovak - Advanced (C1)
Personality requirements and skills
Knowledge of:
- Applicable information security management, IT governance, and compliance principles, practices, laws, rules and regulations;
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
Skills in:
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and locating information related to internal and external organizations using online and other sources;
- Security project management and planning;
- Maintaining confidentiality;
- Troubleshooting and operating a computer and various software packages;
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Working with diverse academic, cultural and ethnic backgrounds of community college students and staff.
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
- Evaluate and update and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
- Work independently and prioritize multiple tasks and adapt to needed changes;
- Remain calm under high pressure/difficult situations.
- Applicable information security management, IT governance, and compliance principles, practices, laws, rules and regulations;
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
Skills in:
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and locating information related to internal and external organizations using online and other sources;
- Security project management and planning;
- Maintaining confidentiality;
- Troubleshooting and operating a computer and various software packages;
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Working with diverse academic, cultural and ethnic backgrounds of community college students and staff.
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
- Evaluate and update and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
- Work independently and prioritize multiple tasks and adapt to needed changes;
- Remain calm under high pressure/difficult situations.
Advertiser
Brief description of the company
Pro HR, s.r.o. je personálno-poradenská spoločnosť špecializujúca sa na oblasť služieb recruiting & selection, executive search a HR consulting. Svojim klientom poskytujeme individuálny prístup k riešeniu otázky zabezpečenia kvalifikovaných zamestnancov. Pro HR realizuje vyhľadávanie a výber kandidátov aktívnym a priamym spôsobom prostredníctvom služieb recruiting & selection a executive search.
Konzultanti spoločnosti permanentne mapujú trh, poznajú aký typ zamestnancov sa nachádza v spoločnostiach s podobným zameraním klienta, príp. konkrétne vhodné pozície s ich náplňou a zodpovednosťami v iných spoločnostiach. Na základe ich znalosti je možné priamo osloviť potenciálne vhodného kandidáta s požadovaným súborom znalostí a skúsenosti.
Spoločnosť Pro HR, s.r.o. sa v oblasti vyhladávania a výberu kandidátov špecializuje na cieľovú skupinu:
1. nižší, stredný, vyšší manažment
2. špecializované pozície – financie, predaj & marketing, logistika & nákup, procesy a kvalita, project management & stratégia + support, CRM
3. IT/telco technické pozície, Help Desk pozície (IT a telco špecialisti, programátori, analytici, SW architekti, projektoví manažéri, atď.)
The company is a holder of a licence to offer recruitment services. (AA/2009/4810/4232/OISS)
Konzultanti spoločnosti permanentne mapujú trh, poznajú aký typ zamestnancov sa nachádza v spoločnostiach s podobným zameraním klienta, príp. konkrétne vhodné pozície s ich náplňou a zodpovednosťami v iných spoločnostiach. Na základe ich znalosti je možné priamo osloviť potenciálne vhodného kandidáta s požadovaným súborom znalostí a skúsenosti.
Spoločnosť Pro HR, s.r.o. sa v oblasti vyhladávania a výberu kandidátov špecializuje na cieľovú skupinu:
1. nižší, stredný, vyšší manažment
2. špecializované pozície – financie, predaj & marketing, logistika & nákup, procesy a kvalita, project management & stratégia + support, CRM
3. IT/telco technické pozície, Help Desk pozície (IT a telco špecialisti, programátori, analytici, SW architekti, projektoví manažéri, atď.)
The company is a holder of a licence to offer recruitment services. (AA/2009/4810/4232/OISS)
Main focus of the company's activities
Employment placement and personal consultancy
Number of employees
10-19 employees
Information about the selection process
* We are required by law to disclose basic wage component (minimum salary) for the advertised positions. Your actual final salary is based on your professional competencies, skills, qualifications and experience matching the position.
If you are interested in our offer, send your CV in Slovak or English to [email protected]. Please, specify the position of your interest in the subject of message.
If you are interested in our offer, send your CV in Slovak or English to [email protected]. Please, specify the position of your interest in the subject of message.
Contact
ID: 4092416
Dátum zverejnenia: 1.12.2023
2023-12-01
lokalita: Remote work Pozícia: Auditor, Compliance Specialist, ISO Specialist, IT Security Specialist, Risk Manager Spoločnosť: Pro HR
Základná zložka mzdy (brutto): 3 500 EUR/month