Description
IRM/Information Risk Management/Information Risk Analyst/Information Risk/Information Risk Consultant/GDPR/Remediation finding
IRM - Information Risk Management (x26 Open Positions)
Location: The Hague - Netherlands
Duration: 6 months Rolling - (Project Til 2021)
We are working on a number of projects in the area of Information Risk Management. One project is about addressing risks around shadow IT; identifying and mitigating risks involved in using applications that are not managed by central IT organization, but instead are procured and managed by the business. The other project is about implementing the new data privacy requirements, resulting from the new regulation from the EU, called GDPR.
Analyst information risks and controls
- Conduct risk assessments in collaboration with IT
- Delivery and Business staff and report the findings, and work with the business to implement controls required to mitigate the risks.
- More than 4 years in IRM roles
Responsibilities
- Conduct business risk assessments and recommend actions to manage identified risks.
- Conduct risk-based reviews of applications to ensure they meet security architectural & design principles, and ensure compliance with all requirements and guidelines
- Provide authoritative guidance on the application and operation of controls
Job knowledge requirements
- Has a strong practical knowledge of IRM developments and practices.
- Has detailed knowledge of the risk methodologies and of professional threat data. Demonstrates good practical knowledge of IRM concepts and practices.
- Possesses an understanding of the business applications of IT.
- Has proven expertise in business analysis techniques.
- An IRM analyst, capable of remediating findings, resulting from GDPR Gap Assessments, such as:
- Writing Data Disposal Plans
- Sensitive personal data risk and control assessments
- Access control matrices
- Consent models
- Knowledgeable about IRM assessment and remediation frameworks
- Experienced and versed in GDPR regulations - assessments and remediation
- Excellent communication skills, both written and oral, as individual will regularly engage with Business stakeholders, including senior Business Leaders.
- Essential to have experience in working in highly complex environments
- Individual needs to be a self-starter, capable of driving the remediation activities forward without the need for micro-management.
- IRM certifications such as CRISC, CISM, CISSP, CISA are a plus
- Experience in RSA ARCHER IRM toolset is a plus
IRM/Information Risk Management/Information Risk Analyst/Information Risk/Information Risk Consultant/GDPR/Remediation finding