T&DS - GRC Senior Specialist

Forvis Mazars

  • Levallois-Perret, Hauts-de-Seine
  • Permanent contract (CDI)
  • Full-time
  • 17 days ago
Job Description
The GRC Senior Specialist plays a key role in project and application lifecycle management. S/he will conduct security assessments and assist in the continuous improvement of the Information Security Management System (ISMS).
The GRC Senior Specialist will be responsible for:
  • Review all policies, procedures and other core framework documents.
  • Ensure compliance with the global policies and maintain the resilience of the global services.
  • Help the leadership team define information systems security objectives and priorities to keep business safe.
  • Work with the global security steering committee to develop, formalise and communicate global policies, guidelines and methodologies to achieve objectives.
  • Assess global cybersecurity risks by consolidating country risks, and update them in line with security objectives and policies.
  • Manage the risk management programme by reviewing all existing asset registers and risk registers.
  • Support continuous improvements of the ISMS by designing and implementing effective metrics.
  • Keep the ISMS portal and documentation up to date.
The GRC Senior Specialist will report to the Head of GRC on the achievement of security objectives, and will communicate regularly on the overall level of security, as well as on the progress of major projects.
Key responsibilities
  • Prepare and lead committees around security / GRC topics
  • Define / update ISMS policies
  • Control and monitor policies with relevant KPIs
  • Implement risk management
  • Conduct security assessment
Qualifications
  • 6-8 years of experience in information security, of which a minimum of 3 years of business experience in running an ISMS based on ISO27001.
  • Must be a certified lead implementer or a certified lead auditor on ISO27001:2013 or 2022.
  • Professional security qualifications such as CISSP and/or CISM preferred.
  • Knowledge of other frameworks (ISO 27005) and System and Organization Controls (SOC2) reporting.
  • Cyber and cloud security standard frameworks, architecture & design.
  • Excellent interpersonal and communication skills.
  • Fluent in English; other spoken languages are a plus.
  • Collaborative mindset and teamwork.
  • Influence and ability to impact decisions and stakeholders.
  • Excellent organisational skills, ability to multitask and work within a global team.
  • Methodical approach to work, attention to detail and delivery of high quality results.
Additional Information
Hybrid work 50%
