Governance, Risk and Controls Specialist

An exciting opportunity has become available for a Governance, Risk and Controls Specialist. Duties will include defining Cyber Governance, Risk and Compliance, and leading ongoing evaluation of security policies and relevant standards, supporting continuous improvement of the security governance programme, ensuring comprehensive Information Security Risk management programs are established and aligned with the enterprise risk management framework, leading the risk management of cyber security risks and collaborating with other departments to identify, recommend, develop, implement, and support a risk-informed decision and action framework, among other functions.

Duties and Responsibilities:

  • Defining Cyber Governance, Risk and Compliance, leading ongoing evaluation of security policies and relevant standards, and supporting continuous improvement of the security governance programme
  • Ensuring comprehensive Information Security Risk management programmes are established and aligned with the enterprise risk management framework
  • Leading the risk management of cyber security risks and collaborating with other departments to identify, recommend, develop, implement, and support a risk-informed decision and action framework
  • Providing management with assurance that controls across business environments are adequately designed and operating effectively
  • Supporting Management during audits, implementing and tracking Management audit actions to closure, and acting as the Cyber Audit SPOC for the Business by providing guidance on all audit submissions
  • Assisting in the management and rollout of cyber training and awareness initiatives while deploying innovative cyber security awareness training collateral
  • Providing management with status update reports and insight reporting, including designing status reports and insight reporting as required by management
  • Promoting awareness of security policies, training, and governance strategy across all levels of the organisation to ensure sound security governance is reflected
  • Assessing policy needs, training stakeholders in the policy lifecycle, clearly communicating expectations, and collaborating with subject matter experts and senior leaders to develop and manage security content
  • Maintaining and further developing the Cyber Risk Management Programme and actively managing risks on the Cyber Risk Register from intake to resolution
  • Communicating risk assessment findings with key stakeholders to develop and monitor risk remediation plans while developing cyber risk portfolios to provide a holistic view of team risks
  • Conducting regular compliance assessments with the business to monitor and manage current and emerging risks
  • Providing proactive control design and implementation guidance to the business while conducting process and control compliance monitoring and reporting
  • Reviewing cyber audit reports and providing guidance to management on recommended actions, including tracking and monitoring audit remediation action implementation
  • Leading reporting development using automation and reporting tools to generate Cyber Risk metrics, including KPIs, KRIs, and KGIs

Minimum Requirements:

  • 3-year Technical Diploma or Degree in Information Security, Computer Science or Engineering
  • At least 3 to 5 years of experience as a Governance, Risk and Controls Specialist
