We are seeking a skilled IT GRC Specialist to join our dynamic team. This role is crucial in ensuring our IT operations are aligned with regulatory requirements and industry best practices. The IT GRC Specialist will play a key role in classifying ICT assets, supporting IT’s risk and control environment with testing of IT controls, and enhancing the overall security posture of the organization. The role reports directly to the Information Security Manager and collaborates closely with departments across the organization to strengthen our overall security posture.

Job Summary

The IT Governance, Risk and Control/Compliance (IT GRC) Specialist will organizationally be placed under the IT Division, reporting to the Information Security Manager, for the purpose of strengthening the governance of IT risk control within the first line.

Key Responsibilities

Execute the IT control testing process and continuous monitoring of IT controls.
Make recommendations to further improve the IT control environment and execute the recommendation follow-up process.
Support the Bank’s IT risk & control environment in integration, alignment and coordination with stakeholders in the 1st, 2nd or 3rd Line of Defense (such as IT, Operations, Risk Management, Internal Audit).
Define all IT-related policies, standards and procedures in collaboration with other IT teams, ensure they conform to regulatory requirements, formalize them and keep them up to date.
Coordinate external and internal IT audits and follow-up between different IT teams.
Coordinate, manage and escalate IT incidents together with ISM, IT teams and 2nd line risk officers.
Coordinate IT BCP efforts for IT continuity and disaster recovery preparations related to IT.
Participate in ICT asset classification processes and make sure IT risks on critical information assets in Nexent Bank and its IT providers are identified.
Participate in IT contracts and Service Level Agreements with 3rd parties, IT Third Party Risk Assessments and IT due-diligence processes.
Qualifications

Excellent communication and reporting skills to engage with cross-functional teams and senior leadership.
Strong knowledge of information security frameworks, risk management, and compliance standards such as DORA, Swift CSP, NIST, ISO 27001.
Experience of implementing cyber security frameworks.
Technical understanding of network / information security / cloud / access control tools and the interaction between different layers of security.
Proven experience in incident management, penetration testing coordination, and security operations.
Experience with third-party vendor security assessments is a plus.
Ability to take on responsibility to understand and resolve issues.
Strong written and oral communication skills.
An excellent command of both written and spoken English.
Eager to learn.

Application

Do you recognize yourself in this profile? Then share your application by sending your English resume to our career site by clicking the apply button.
