Information Security Risk Specialist
As the Information Security Risk Specialist, you shall support the Security Risk Manager who has responsibility for all Governance, Risk and Compliance activities across R3, as well as the designing of appropriate policies and organisational controls within R3. You will ensure that the control environment supports R3's mission of trusted enterprise software vendor, operator of the Corda Network and Managed Services provider. You'll be used to working in environments with mature security controls, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help "write the book" on building sound security assurance and good security practices for enterprise blockchain. If this sounds like you, read on...
- Support the Security Risk Manager in the delivery of security governance, risk and compliance activities globally.
- Drive the different types of security risk assessments (people, process, technology) across different business lines and manage risks via the risk register.
- Ensure assurance activities are appropriately implemented across different business lines, be able to test the effectiveness of those controls along with providing advice and guidance for improvements.
- Conduct security assessments and due diligence activities of critical 3rd party suppliers/vendors. This shall include liaising with key stakeholders such as IT, Legal and Business Resources.
- Support the Security Risk Manager and the wider Security team in the development, operation and maintenance of R3's security control environment (ISMS) including information security policies, procedures and guidelines and exemption management.
- Implement appropriate governance activities across R3 including providing metrics/reporting to stakeholders to demonstrate maturity of the security program.
- Prepare for an external assessment of R3's security control environment such as SOC 2 and ISO 27001 (R3 is undergoing a SOC 2 assessment within a year and in the process of completing Cyber Essentials/Cyber Essentials Plus certification).
- You'll have 5 years of experience in a direct information security role specialising in governance, risk and compliance activities.
- You will have created documentation such as policies, procedures and guidelines to support a comprehensive ISMS and control environment.
- You will have conducted controls testing and assurance activities and be able to demonstrate the benefits of implementing mature security control.
- Working knowledge of ISO 27001 or NIST Cyber Security Framework would be great, but experience with other recognised standards will be acceptable.
- A good appreciation of technical controls e.g. endpoint security, identity and access management, network security controls (firewalls, VPN), intrusion detection and cloud governance. You won't be expected to be hands-on, but you should be aware of how they fit within the control environment.
- Worked in an organisation with mature security controls or ISO/SOC2 certification. You will have a good understanding of the controls needed to achieve different security certifications.
- A good understanding of the security practices which should be adopted for different legal and regulatory requirements such as PCI-DSS, GDPR, or different regulatory bodies.
- Financial services experience would be ideal, but experience in organisations with a mature security environment would be preferable too.
- An MSc in Information Security or a CISSP, CISM, CISA. Appropriate career experience is just as important though. Be prepared to tell us all about that experience.
Job tags: CISA CISM CISSP Compliance GDPR Go ISO 27001 Network security NIST PCI Security assessments SOC 2 SOC2
Job region(s): Europe
Job stats: 11 1 0