Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Job Location

Bangalore/Bengaluru - India

Monthly Salary

Not Disclosed

Job Description

Role:

  • To support the identification, prioritization and management of all Confidentiality, Integrity, Availability and Regulatory risks to the services delivered by Client IT and suppliers.
  • Ensure the risk to the client is reduced to an acceptable level and managed effectively. This is achieved by ensuring an appropriate risk and control framework is in place, by identifying, assessing and developing remediation plans for all risks, and by ensuring all new developments are appropriately assessed.
  • Interface with key stakeholders across the organisation (including Business IDT portfolio managers, project managers, IRM, IDSO) to drive the IDT security agenda.
  • Understand and drive end-to-end security deliverables in T&S projects, strategic transformation programs and initiatives.
  • Act as a security focal within programs; liaise with program and security natural teams for governance, risk and compliance.
  • Lead discussions and drive a risk-aware culture with stakeholder teams (product owner, product manager, IRM, S&C and IDSO) in interpreting security requirements.
  • Support and act as an interface to audits.
  • Understand the Technology Landscape (Application and Infrastructure) and proactively review the Client's information security and related threats and vulnerabilities, legal and regulatory requirements.
  • Review and advise on information security risks of vendor offerings, new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Client environment.
  • Ensure all the risks are properly documented, classified and addressed with appropriate action as per the IRM standards.
  • Actively participate in driving awareness of information security related issues and risks with Business/Business IT teams.
  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
  • Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation.
  • Scope and design fit-for-purpose security controls.
  • Review and approve the control design of supplier and Client technical specifications against the Client's control requirements as agreed contractually during PDF project.
  • Support the development of new IRM policies, tooling, procedures where required.

Skillset Required:

  • At minimum 9 (and 6) years in IRM function preferably aligned with control framework best practices and risk management.
  • A qualification in CISSP, CISA, CRISC or CISM.
  • Good understanding of and experience with Information Risk Management, IT Security and Compliance, and Security Controls and Audit.
  • Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
  • Robust understanding of and solid experience with the impact of Security on application development and operations as well as the IT Infrastructure.
  • Ability to promote high performance teams working with inclusiveness and cultural diversity across organizational boundaries.
  • Good understanding of cloud security requirements and third-party control assurance.
  • Ability to interface with different groups (third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses as well as with external groups.
  • Technical knowledge and relevant experience in security domains/technologies.
  • Knowledge of Data Security Standards, Privacy Principles.
  • Ability to foresee and identify mitigation strategies for Risks.

Risk Management, IT Security and Compliance and Security Controls and Audit, IT security standards, SOX, PCI, SOC2/1, ISO27001, control framework

Employment Type

Full Time

Company Industry

Accounting & Auditing
