Black Pen Recruitment

Empowering seamless transactions and financial stability, our clients fintech company specializes in pioneering solutions for payments and stablecoins. With a deep understanding of the evolving financial landscape, they leverage advanced technology to ensure secure and efficient payment processing. Committed to driving innovation, they strive to simplify transactions and foster trust in the digital economy.
Job Type: Full Time l Remote
Role Overview
Information Security Governance Risk & Compliance Specialist is a key team member of our clients security organisation and is responsible for IT Governance and IT Risk activities that both support and provide oversight to IT, Product Engineering, Infrastructure and Security teams as well as their suppliers and customers. The candidate is expected to have strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS and be responsible for conducting IT Governance Tasks that align and contribute to the overall success of the broader GRC initiatives under the leadership of our clients CISO. Integral to the role is the ability to manage Governance activities to protect our clients business and clients’ data. Focus is given to maintaining policy compliance, process and organizational policies, standards documentation, information security governance and risk management functions. Additional focus is applied to implementing and refining policies, standards and procedures that help promote the control framework’s adoption and alignment throughout their business.. Furthermore, the position plays a key role in continual process improvements and evolution as it relates to IT Security Risk Assessments, Policy Exceptions and the strategic vision of IT Governance
Requirements

Bachelor’s degree in discipline related to functional work or role

Industry recognized certifications such as CISM, CRISC, CISA, or equivalent

7+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution.

Experience working in an IT Governance, Risk and Compliance role

Strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS

Experience leading a company through an audit process for obtaining / maintaining compliance certification such as SOC 2 Type 2, ISO 27001, PCI DSS

Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.

Very strong communication (verbal and written) skills and the ability to present with clarity

Strong project management and organization skills

Responsibilities

Coordinate the development of best practice policies and standards based on various governance frameworks

Ensure all IT controls are documented and assigned control owners to establish accountability.

Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives

Assist the IT Governance, Risk & Compliance function in maturing the Information

Security and Technology Risk Management methodology through improvements in standardized risk assessments

Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.).

Monitoring IT controls across the organization

Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)

Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units

Policy creation, updates, and overall management and organization of shared documentation

Control Self Assessments and Control Gap Analysis

Third party risk management and reporting

Support Security Due-diligence activities with both regulators and business prospects

Maintaining a Risk Register

Documenting and evaluating policy exception requests

Responsible for developing and deriving KPIs from a controls baseline

Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate

Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program

Creation, documentation and maintenance of governance processes to oversee IT GRC programs

Black Pen Recruitment

You must sign in to apply for this position.