Risk & Compliance Auditor

Lisbon, Lisbon, Portugal

Applications have closed

Truphone

We believe that connectivity can be easier, smarter and more efficient. Since 2006, we have built state of the art SIM software, intuitive management platforms and a powerful global network to make this a reality.


Main Purpose of the Role

Work hand in hand with our technology and operational teams on the continuous improvement of the security and resiliency of Truphone’s products and services.

Help our business leaders make informed, well-timed and risk-aware decisions regarding investments in Information Security, Privacy and Business Continuity.


Key Responsibilities

  • Evaluate operational activities and advise on appropriate steps or activities to guarantee compliance with legal, regulatory and contractual requirements and the continuity of Truphone’s critical services.
  • Participate in the development and maintenance of global policies and standards, including the assurance and governance of policies and standards in support of ISO 27001, ISO 22301, GSMA SAS certifications and GDPR compliance.
  • Ensure that all policies and procedures are implemented and well documented.
  • Proactively identify vulnerabilities and weak security controls, conduct security audits and recommend improvements and corrective actions to the relevant teams.
  • Participate in Risk Management, cybersecurity awareness and Internal/External audit activities.
  • Supplier Security due diligence and audits.

Requirements

Skills and Experience Required:

  • Previous experience in information security management and/or related functions (such as IT audit and IT Risk Management).
  • Significant awareness of relevant compliance requirements (Information Security, Privacy and Business Continuity)
  • Experience in Systems Business Continuity/Disaster Recovery, plus Risk & Compliance Management.
  • Experience in Pen Testing finding analysis, vulnerability management, and mitigation.
  • Ability to develop and maintain policies, standards and processes.
  • Proven experience in projects related to the design and implementation of Information Security, Privacy and Business Continuity solutions.
  • Information security, Business Continuity or Privacy qualifications a plus.
  • Project and Program Management qualifications a plus.
  • Solid experience in performing IT audits, security vulnerability assessments, system configuration verifications, and security-related assignments within a Telecoms services environment.
  • Experience in gathering of metrics and reporting to all levels within the organization.
  • Manage the relationships with suppliers/partners to assure levels of Security & Compliance capabilities are commensurate
  • Excellent communication, reporting, and interpersonal skills.

Tags: Audits Compliance GDPR Governance ISO 22301 ISO 27001 Pentesting Privacy Risk management Vulnerabilities Vulnerability management

Region: Europe
Country: Portugal
Category: Compliance Jobs
