Job Details
Governance Compliance Risk Specialist Excellent Package
Based Southwest London
This is an exciting opportunity to join our client a worldwide brand whose software is used for enterprise resource planning across industry and the globe. They seek a Governance Compliance Risk Specialist to oversee quantitative analysis process for security risks and conduct targeted security risks assessments. This is an excellent opportunity to work for this global leader.
The Role
- Understand the risk quantification process by supporting asset identification, applying data gathering techniques, demonstrating the ability to define and decompose a risk scenario, and communicating the quantitative risk reports (financial terms).
- Be the lead on successful cyber risk quantification. Consider management strategies, improve the decision making and the prioritization of identified risks align with business goals.
- Oversee quantitative analysis process for security risks, targeted security risks assessments and other security project reviews identified across cybersecurity, enterprise security architecture, business continuity/ disaster recovery, and other security-related IT functions.
- Collaborate with security risk teams to deliver quantitative risk assessments.
- stakeholders to establish formal information security risk practices.
- Work independently and with internal and external business partners for any third-party assessments on security functions.
- Demonstrating proven expertise and successfully manage simultaneous project work streams in system security, cybersecurity controls or information security management environment, specifically on NIST domains.
The Person- Previous experience in a similar role working in IT Risk management, with experience in audit, quantitative analysis, compliance, or risk consulting.
- Experience using Governance, Risk and Compliance (GRC) tools and Factor Analysis of Information Risk Model (FAIR).
- Experience with information security compliance audit frameworks and requirements, NIST, COBIT, CMMI, ISO27001, FISMA, FedRAMP, SOC, SOX, PCI-DSS, and GDPR.
- Security certification, CISSP, - CRISC preferred, or be prepared to attain.
- Ability to understand and interpret information security, IT, and risk management terminology and topics.
- Ability to understand threat modelling and analysis, data management, guided workflows and loss reporting assessments based on the FAIR taxonomy.
- Ability to demonstrate analytical expertise, close attention to detail, excellent conflict resolution and negotiation skills, logic, and solution orientation and to learn and adapt quickly, thinking out of the box mindset.
- Proactive, self-managed, and able to interface well with sponsor personnel and inter-disciplinary teams across an organization.