Description
Information Security Risk Manager - ISMS Implementation
The Risk Management division provides high-quality, independent assurance that the relevant risks taken to achieve the company vision are identified and controlled within the risk appetite.
Role:
Main mission:
Two areas of focus:
1. Threat monitoring
Design and implement an information security management system (ISMS) Risk Universe:
- Moving to a dynamic approach to strategic IS risk monitoring, complementing the first-line activities.
- Covering all domains, locations and threats.
- Supporting strategic initiatives and risk assessment planning.
The mission will include:
- Reviewing the IS threats list.
- Designing a risk assessment model including different dimensions depending on the threats.
- Ensuring the link with the current Risk Universe.
- Starting to populate the ISMS Universe.
2. Security incidents management
Embedding the security incident management process in the organization:
- Delivering training and awareness to key stakeholders (IT, business, Risk and Compliance).
- Testing processes: developing and delivering escalation tests.
- Reviewing incident management tools.
Profile:
Essential skills:
- At least 10 years of experience in Information Security Management or Risk Management;
- Good understanding of, and practical experience of applying, IS policies, procedures and standards;
- Excellent oral and written communication skills, as the mission will include strong interactions at all levels in the company;
- Experience in defining an asset classification model and drafting policies.
Other skills:
- Analytical and critical mindset;
- Capable of reviewing and approving technical design documents;
- Practical experience of conducting Risk Assessments;
- Good knowledge of international security standards such as COBIT, ITIL, ISO 27000 series.