IS Risk Manager will lead on all assurance activities and conduct security and data reviews, analysis and testing to confirm the appropriate application (whether through technology, process, or behaviour) of the policies and the secure operation of Lebara's systems and the information and data therein. Your focus will be on planning, establishing, developing, managing and implementing a security assurance, governance, auditing, business continuity, risk and compliance framework that meets external and internal stakeholder expectations and is aligned to best security practice, as well as to regulatory and legislative requirements. The role is also responsible for cloud security governance and requires a working knowledge of AWS and Azure.
Role and Responsibilities:
• Perform Security Risk assessments and conduct related ongoing organisational compliance monitoring activities
• Identifying cloud-related risks and related business impact
• Identifying risk mitigation approaches (actions, phases, manual efforts, etc.)
• Communicating risks in business terms for prioritization
• Determining that correct measures of governance and controls are in place to validate that identified cyber risks and vulnerabilities are prioritised correctly and remediated based on agreed SLAs
• Validate operational decisions with stakeholders are made in accordance with our policies and standards and do not increase the overall risk exposure of Lebara
• Assess, measure and report findings of our key applications and security and information assurance controls
• Identify and evaluate risks; understand business context and prepare reports and recommendations
• Work with all functional business areas to develop and maintain a corporate-wide BCP program that addresses business recovery and emergency response management
• Define, establish, and implement organizational information security processes, to ensure business, regulatory, legislative and contractual requirements and obligations are met.
• Implement internal and external ISMS audit processes, audit plan, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization.
• Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS, NIS 2 and other regulatory security audits.
• Coordinate external security audits, assessments and testing as well as remediation plans development and implementation.
• Identify, assess, and monitor information security risks and recommend mitigation measures.
• Develop content, coordinate, and facilitate a comprehensive organizational information security awareness training program.
• Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.
• Develop, coordinate, and maintain information security policies, procedures and other security related documents.
• Analyze, map, and communicate information security requirements, that derive from legislative and regulatory obligations in various jurisdictions.
• Partner with Legal team to ensure compliance with regulatory security requirements.
• Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs.
• Excellent written, verbal communication and presentation skills
Skills & Experience:
• Proven assurance experience across security governance, risk and compliance domain
• Proven experience of auditing IT systems
• Proven experience across business continuity domains
• Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts.
• Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities.
• Experience in leading ISO 27001:2013 certification and surveillance audits.
• Experience in leading and supporting information security risk assessments and management process.
• Pro-active, self-motivated approach and ability to work independently within a global security team.
• Bachelor’s Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.
• Professional certification (CISSP/CISM/CRISC and ISO 27001 Lead Implementer/Auditor or similar).
• At least 10 years of experience in Information Security.
• High proficiency in written and spoken English.
• Experience working with cloud security and GRC tools, cloud access security brokers (CASBs), and server virtualization technologies
• Ability to share your specific expertise to the rest of the Technology group.
Behavioural Fit:
• Professional appearance and manner
• High personal drive; results-oriented; make things happen; “can-do attitude”
• Can work and adapt within a highly dynamic and growing environment
• Team Player; effective at building close working relationships with others
• Effectively manages diversity within the workplace
• Strong focus on service delivery and the needs and satisfaction of internal clients
• Able to see issues from a global, regional and corporate perspective
• Able to effectively plan and manage large projects
• Excellent communication skills and interpersonal skills at all levels
• Strong analytical, presentation and training skills
• Innovative and creative
• Visionary and strategic view of technology enablers (creative and innovative)
• High verbal and written communication ability, able to influence effectively at all levels
• Possesses technical expertise and knowledge to lead by example and input into technical debates
• Depth and breadth of experience in Cloud Application Security technologies
• Enterprise mentality and a global mindset
• Sense of humour