Description
Risk Assessment Lead - Contract - Dublin
Role Description
- The Risk Assessment Lead will support the delivery of the project by leading the information security risk assessment process.
- Including assessment of information asset risks, facilitation of risk and control workshops specific to information security, documentation of workshop packs, risks and controls.
Responsibilities
- Work with the InfoSec programme team to understand the organisations under review and in particular understand the risks to information assets identified during process walkthrough activity.
- Analyse the Information Asset Register and process flows to understand the information life cycle risks inherent in the assets identified for each business function
- Work with the InfoSec project team and/or business function to establish the personnel to be interviewed in the risk and control assessment workshops.
- Understand the scope of the programme, the information assets that are part of the scope, their relative values, and available risk mitigations.
- Obtain a clear picture of the stakeholder information security risks on the assets/processes they are responsible for, as well as the means employed to reduce existing risks, if any.
- Facilitate risk and control assessments working with the business function to agree ownership and inherent ratings for the risks identified, identifying controls, and identifying the residual risk ratings.
- Support the divisional Information Security Officers, (First Line of Defence) who will capture the risk and control assessment details
- Prepare engagement information/introduction materials for divisions and workshops
- Perform a QA on outputs from P2 and Inputs to P3
- Work with stakeholders to discuss information security weaknesses and remediation plans, maturity models for adoption.
The Person
- Professional consultant with experience in Information Security, Information Risk and IT Audit
- Experience of working in the Financial Services industry
- An understanding of Cybersecurity, Data Privacy & Protection, Business Continuity & ITDR,
- Information and Technology Risk Management and IT Governance.
- Workshop facilitation experience
- CISA/CISM/CISSP qualification
- Knowledge of information risk and control frameworks eg NIST, IRAM, ISO , COBIT
Morgan McKinley is acting as an Employment Business in relation to this vacancy.
Please note that any references to salary or pay rates in this advertisement and in the salary refinement section are indicative only and should only be used as a guide.