Technology

Information Security Risk Manager

Chennai, Tamil Nadu
Work Type: Full Time
• Perform Security Risk assessments and conduct related ongoing organisational compliance monitoring activities 
• Identifying cloud-related risks and related business impact 
• Identifying risk mitigation approaches (actions, phases, manual efforts, etc.) 
• Communicating risks in business terms for prioritization 
• Determining that the correct governance measures and controls are in place to validate that identified cyber risks and vulnerabilities are prioritised correctly and remediated based on agreed SLAs 
• Validate that operational decisions with stakeholders are made in accordance with our policies and standards and do not increase the overall risk exposure of Lebara 
• Assess, measure and report findings of our key applications and security and information assurance controls
• Identify and evaluate risks; understand business context and prepare reports and recommendations 
• Work with all functional business areas to develop and maintain a corporate-wide BCP program that addresses business recovery and emergency response management 
• Define, establish, and implement organizational information security processes to ensure business, regulatory, legislative and contractual requirements and obligations are met. 
• Implement internal and external ISMS audit processes, audit plan, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization. 
• Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS, NIS 2 and other regulatory security audits. 
• Coordinate external security audits, assessments and testing as well as remediation plans development and implementation. 
• Identify, assess, and monitor information security risks and recommend mitigation measures.
• Develop content, coordinate, and facilitate a comprehensive organizational information security awareness training program. 
• Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts. 
• Develop, coordinate, and maintain information security policies, procedures and other security-related documents. 
• Analyze, map, and communicate information security requirements that derive from legislative and regulatory obligations in various jurisdictions. 
• Partner with the Legal team to ensure compliance with regulatory security requirements. 
• Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs. 
• Excellent written, verbal communication and presentation skills
