Job Title

Senior IT Security Risk & Compliance Analyst

Job Description Summary

Primary Purpose: Manage and coordinate day-to-day security operations and initiatives, ensuring alignment with global standards and timelines. Collaborate with regional leads, legal, and service lines to support training, risk management, and governance. Lead security awareness efforts, vendor/client assessments, and ensure effective implementation of the Information Security Risk Framework.

Job Description

Primary purpose of the job:

• Manage day-to-day Business as usual security initiatives, ensuring deadlines, timelines, and set processes are managed and met throughout the year.
• Work with Regional Security Leads to ensure that cross-region activities are followed through and completed
• Collaborate with Service Line organizations and Legal in reviewing specialized training needs and requirements that are documented.
• Work with and manage security service desk L4 concerns.  Initiate and shepherd swift remediation action to resolve issues.
• Capture information risk metrics into a central repository, analyze the metrics and ensure they are meaningful and tell the true story of the GISO operations
• Determine, measure, and agree on actions to ensure that the C&W GISO is looked up to as a world leader and innovative in its methods
• Lead or participate in various security awareness activities and other initiatives as needed.
• Participate in vendor security assessments to ensure vendors meet internal information security requirements and help monitor them
• Participate in client security assessments and audits ensuring that internal information security requirements satisfy client needs.
• Support the continuing embedding of the Information Security Risk Framework and processes
• Ensure information security governance and processes align with the wider program of information security processes and that they operate effectively.

Qualifications (education) required for filling the position

• Degree or equivalent work experience in computer science, information systems, or related field

Other professional qualifications required for filling the position:

• 3+ years of experience in one or more domains of information security such as vendor risk management, security governance, security operations, etc.
• Experience and thorough understanding of IT risk and compliance standards and industry best practice frameworks such as ISO 27001 / 2, NIST CSF, NIST SP800-53, CCSK
• Excellent task management and time management skills.
• Excellent communication skills (verbal and written).
• Ability to collaborate with business and IT partners in task management and project coordination.
• Large multi-national company experience preferred
• Strong interpersonal skills and ability to work cross-functionally and across divisions with others.
• Strong teambuilding skills including promoting cooperation and good working relationships among peers and team members, remaining positive and supportive during change, and building rapport and trust with IT Risk stakeholders and other business partners.
• Strong problem-solving and program execution skills.
• Team player
• Competent in Microsoft Office Suite

Foreign language skills required for filling the position:

• English (Fluent written and oral competency)

Required skills for filling the position:

• Excellent planning and organizational skills to coordinate risk assessments, reporting, control, and assurance activities
• Attention to detail and a track record of delivering high-quality reports of accurately presented data in a meaningful and appropriate way
• Exceptional interpersonal skills to successfully communicate with stakeholders by phone, in documentation, via email, and in meetings and workshops.
• Strong communication and stakeholder engagement skills with the ability to influence and adapt the approach as required at all levels
• Solid understanding of how an information security organization functions
• Able to analyze large amounts of information to deliver succinct, clear messages
• Able to manage own time effectively and show judgment on prioritizing tasks, working on activities concurrently when required, and demonstrate flexibility to changing requirements, often at short notice
• Team player
• Competent in Microsoft Excel, PowerPoint, and SharePoint

Clause:

The tasks, responsibilities, and related administration obligations included in this job description are not described in full, they may be supplemented to reflect the general and job-specific professional habits.

The holder of the job must perform lawful instructions of the line manager and occasionally also perform tasks that do not fall within the job.

INCO: âœCushman & Wakefieldâ