IT Security & Compliance Manager
Recruiter
Listed on
Location
Salary/Rate
Type
Start Date
This job has now expired please search on the home page to find live IT Jobs.
Job Purpose:
* Support the Global IT Production Team to ensure the confidentiality, integrity and availability, of the client information assets within the Global IT Production scope
* Implement and continuously improve an effective and efficient Information Security Management System in line with Group IT Security Strategy, Architecture and Standards
* Ensure that operational, legal, regulatory and security risks are assessed and mitigated with effective controls in accordance with the business requirements and Enterprise Architecture
* Responsible to publicize the client IT Policy Framework throughout all business and IT users of the region to ensure all projects are delivered in accordance to Group Standards
* Monitor and manage all security incidents, lead investigations on behalf of the IT leaders and take remedial actions to prevent recurrence wherever possible
Main Tasks & Responsibilities:
* Support the Global Head of Information Security, Risk and Compliance in the implementation of the Group Information Security Strategy within the Global IT Production scope
* Review and evaluate IT procedures and controls concerning Information Security at a Global IT Production level
* Review all IT Change Requests related to Global IT Production platforms and participate to daily Global Change Advisory Board
* Ensure ICOFR, RIM, Group Policy and self-assessment exercise are carried out in a timely fashion and in line with Group expectations
* Communicate and publicize the client IT Policy Framework and work with the Group Policy and Awareness Manager to ensure users are educated and trained in all aspects of the Policy framework
* Liaison with Assurance function (GIA, Group IT Assurance, External Auditor)
* Make sure all audit actions (Internal & external) have a named owner and remediation plan; ensure agreed actions are delivered in line with agreed dates
* Assess current levels of risks within the Global IT Production environment on an on-going basis. Ensure all the identified security risks are managed through their lifecycle from identification to closure and provide appropriate visibility of the same to line management
* Ensure security testing is carried out for Important Assets and report findings are followed up and timely addressed
* Ensure that project team deploys products /systems / applications in line with IT Security Whitepapers / Requirements
* Conduct continual reviews of client security technology standards and infrastructure managed by the Global IT Production organization to ensure they are fit for purpose and provide the necessary levels of protection based on Group IT Standards
* Provide concise, relevant and informative reports to the Global Head of Information Security, Risk & Compliance and IT Management on the status of security and risks within the IT environment
* Monitor & manage all security incidents & breaches and take remedial actions to prevent recurrence wherever possible
* Lead investigations in the Global IT Production team for breach of Information Security Policies and standards or security compromise
* Be the recognized expert in the field of Information Security within the Global IT Production team and remain abrest of regional regulations and requirements related to information security like Data Privacy Laws
Personal Attributes:
* Strong team player
* Ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and team work
* Management level person with good ability to convince
* Ability to act under strong pressure and to manage efficiently crisis situations
* Good in management, developing team members by inspiring, encouraging and providing constructive criticism to help improve performance
* Able to evaluate information, identify key issues and formulate conclusions based on sound, practical judgment, experience and common sense
Professional & Leadership Experience:
* Strong experience of Web Application Firewall (or reverse proxy) policies and tuning
* Strong experience of data centre and cloud firewall rules management
* Strong experience IPS signature assessment and updates
* Good understanding of network and web-related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols)
* Experience working with SIEM technology and associated log assessment
* Knowledge of OWASP top ten critical web application security threats
* Experience in web database security and secure (web) application development SDLC
* Knowledge of REST and SOAP web services
* Experience of penetration testing and vulnerability scanners
* Excellent verbal and written English communication skills
* Ability to react to high pressure dynamic changing environments
* Ability to train security concepts
* Strong problem solving and analytical skills
Education & Training:
* University Degree preferably in a technical subject or any comparable education.
* Certifications: ITIL v3 Certification, CISSP, CISA, CISM or similar certification are preferred
* Minimum of 3 years experience in a similar role within a Global Organization
* Professional experience in running the information security office analysing and applying information security, risk management, and privacy practices
* Knowledge in IT Security and Risk Management and international regulatory compliances and frameworks (such as COBIT, Risk IT, ISO 2700X, SOX, NIST)
* Big 4 or HR industry background preferred
Minimum Requirements:
* Physically located in Lyon or Prague
* Must be willing to travel occasionally
* Excellent command of English is mandatory
* Understanding of French advantageous
Spring acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. The Spring Group UK is an Equal Opportunities Employer.
By applying for this role your details will be submitted to Spring. Our Candidate Privacy Information Statement explains how we will use your information - please copy and paste the following link in to your browser: www.spring.com/candidate-privacy-information-statement
