At Balusian, we are looking for an expert in risk management and information security governance to join the projects of one of our international clients located in Valencia.
Under the direct supervision of the Lead, Cyber Security Governance, provide support in the following tasks:
• Develop, implement and monitor a comprehensive enterprise information security and IT risk management programme to ensure that the integrity, confidentiality and availability of information are managed and controlled.
• Create, communicate and implement a process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts.
• Create and manage information security and risk management awareness training programmes for all employees, contractors and approved system users.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
• Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
• Coordinate information security and risk management projects. Provide strategic risk guidance for IT projects.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, sensitive data and the organization’s reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Develop and oversee effective disaster recovery policies and standards.
• Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
• Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organization maintains an appropriate security posture.
• Perform other related duties and fulfil responsibilities as required.
Knowledge and Requirements:
• At least 7 years of progressively responsible professional experience in information technology and/or a related area, including at least five (5) years working in information security.
• Experience in medium/complex-size projects.
• Experience in managing / working in large ICT programs.
• Experience in producing technical documentation, including user requirement documents and proposals in response to project requirements.
• Experience in drafting processes and procedures documentation.
• Experience in working with Microsoft Office tools and Microsoft Project.
• Certifications: CISM, CRISC, CGEIT, CISSP.