Black Pen Recruitment
Empowering seamless transactions and financial stability, our clients fintech company specializes in pioneering solutions for payments and stablecoins. With a deep understanding of the evolving financial landscape, they leverage advanced technology to ensure secure and efficient payment processing. Committed to driving innovation, they strive to simplify transactions and foster trust in the digital economy.
Job Type: Full Time l Remote
Role Overview
Information Security Governance Risk & Compliance Specialist is a key team member of our clients security organisation and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as their suppliers and customers. The candidate is expected to have strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS and be responsible for conducting IT Governance Tasks that align and contribute to the overall success of the broader GRC initiatives under the leadership of our clients CISO. Integral to the role is the ability to manage Governance activities to protect our clients business and clients’ data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework’s adoption and alignment throughout their business.. Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance
Requirements
Bachelor’s degree in discipline related to functional work or role
Industry recognized certifications such as CISM, CRISC, CISA, or equivalent
7+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution.
Experience working in an IT Governance, Risk and Compliance role
Strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS
Experience leading a company through an audit process for obtaining / maintaining compliance certification such as SOC 2 Type 2, ISO 27001, PCI DSS
Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
Very strong communication (verbal and written) skills and the ability to present with clarity
Strong project management and organization skills
Responsibilities
Coordinate the development of best practice policies and standards based on various governance frameworks
Ensure all IT controls are documented and assigned control owners to establish accountability.
Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
Assist the IT Governance, Risk & Compliance function in maturing the Information
Security and Technology Risk Management methodology through improvements in standardized risk assessments
Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.).
Monitoring IT controls across the organization
Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)
Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units
Policy creation, updates, and overall management and organization of shared documentation
Control Self Assessments and Control Gap Analysis
Third party risk management and reporting
Support Security Due-diligence activities with both regulators and business prospects
Maintaining a Risk Register
Documenting and evaluating policy exception requests
Responsible for developing and deriving KPIs from a controls baseline
Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program
Creation, documentation and maintenance of governance processes to oversee IT GRC programs
Black Pen Recruitment
You must sign in to apply for this position.