Reporting to the Group CISO, you will lead Governance, Risk and Compliance (GRC) work for Information Security. Although the key focus of the role is the maintenance of the Information Security Management System (ISMS) aligned to ISO 27001, you will also help develop a Control Assurance function to advise on and monitor information security risks, control failings and industry framework alignment.
Key Responsibilities:
Manage the ISMS, including maintenance of the current ISO 27001 certification scope as well as its strategic expansion across the customer's organization.
Support the management of information security governance for the organization, ensuring adherence to group policies and standards.
Work closely with the Group CISO to ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
Coordinate periodic security testing (e.g. penetration testing) in coordination with the Application Security Team and prioritise and manage response activities.
Run employee awareness campaigns, and coordinate for use cases around Phishing Simulation across the organization.
Work closely with the Information Security Operations team; assist the CISO in providing oversight and challenge to the First Line of Defense team.
Assist with updating the Third-Party Risk Management framework, including policy, procedures, due diligence questionnaires and the monitoring of third parties' adherence to information security and data privacy obligations.
Assist with the client management aspects of the Information Security team, including client and potential client questionnaires; help design a more effective process, including a self-service process and a library of standard responses. Provide insights on overall GRC through weekly updates that cover overall InfoSec and compliance status.
Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment.
Assist the Group CISO in GRC and general information security issues as required, including interaction with the Security Operations team, Technology teams and business leaders.
Requirements:
Experience of leading an ISMS as part of an ISO 27001 certified programme.
Recent experience of working in a similar capacity in a financial services organisation.
Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.
Relevant industry certification (e.g. ISO 27001 Lead Auditor, CISSP, CISM, etc.) is preferred.
Broad level of knowledge of security and risk issues and techniques across platforms.
Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
Personal Qualities:
Self-motivating and able to work under own initiative.
Professional with a strong work ethic.
Able to thrive in a highly pressurized and changing environment.
Diplomatic with the ability to interact successfully with all levels of the business.
An ability to translate security requirements and standards into easily understood business concepts and vice versa.