Information Security Assurance and Compliance Specialist, GRC, ISO 27000, Auditing
This is a key role for one of the leading professional services firms that are seeking an Information Security Assurance and Compliance Specialist to join this developing and growing client.
The role:
The mission of the Information Security and Risk team is to establish a risk-managed environment that enables the company to adequately and reasonably protect the confidentiality, integrity, and availability of information used by the business and on behalf of clients.
Key Responsibilities
Review proposed Client engagement contracts and SLAs and complete client due diligence questionnaires, audit requests, and competitive bids, working to Client-orientated deadlines.
Maintain a repository of standard information security responses and design effectiveness evidence for external audits, client assessments, client RFPs, etc
Maintain and uphold the firm's certifications and Information Security Management System in line with the standard, facilitate such internal and external audit exercises, plus ensure timely remediation for any identified non-conformance as is necessary to keep compliance with the ISO27001 certification.
Assess and recommend information security, governance, risk management, and compliance services and working practices that reflect emerging Client expectations and best meet, develop, and improve the firm's current and future information security environment. Assist the Information Security, IT, and other departments with the identification and measurement of security risks and help identify appropriate controls. Carry out periodic assurance of controls to ascertain design effectiveness and maturity.
Assist members of the team to carry out other workloads relating to the operation of the Information Security department during periods of higher demand or where additional resources are required.
Facilitate continual improvement by investigating and utilizing the latest technologies, such as Artificial Intelligence/Machine Learning and other process methodologies, to help transform the delivery of the services with a focus on greater efficiency and accuracy.
Identify emerging Client implications and requirements for consideration into the information security frameworks, strategy, roadmap, policies and into IT initiatives roadmap.
Stay abreast of technical, industry, regulatory, and company changes and/or trends as they relate to cyber security, the legal industry, information management, InfoSec, technological standards/trends, and IT efficiencies.
Facilitate/establish and report on monthly metrics and Key Performance/Risk Indicators relating to Client due diligence work.
Provide education and insight to members of IT and other relevant areas, relating to the requirements and expectations of Clients.
Build and maintain relationships with the team and relevant members of the Risk and Client Operations departments, share best practices, and ensure that due diligence activities are coordinated and executed efficiently.
Essential Skills and Experience
Proven experience of working in an Information Security and IT Risk Management role within a fast-paced environment.
Operational knowledge of one or more international information security standards, risk management, and control frameworks/practices, e.g., ISF SOGP, ISO27001/2, ISO31000, IRAM2, NIST 800-53, and cybersecurity framework. COBIT, CPS-234 etc.
Two days required onsite each week
Information Security Assurance and Compliance Specialist, GRC, ISO 27000, Auditing
McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.