Trūata is now recruiting for an Information Security Risk & Compliance Lead to join their Information Security Management Team. This role will be a key member of Trūata’s Information Security Team and will be expected to work closely with stakeholders and control owners across the business to monitor and drive incremental improvement in the suite of controls which underpin our Information Security Management System.
The successful candidate will have full autonomy to establish suitable ways to monitor key controls and will be required to work with the CISO to enhance the content of the ISMS as the technology environment evolves. Another key aspect will be oversight and maintenance of the Information Security Risk Register, engagement in internal/external audits and customer due diligence. An understanding of risk and control frameworks and a working knowledge of cloud deployment models (including the shared responsibility model) would be very beneficial in this role. We are an Agile organisation which uses Scrum.
- Design and establish or transform IT risk management, governance, and compliance programs
- Advise on, develop, and implement processes around risk identification, assessment, and remediation, including issues management, exception management, vendor risk management, policy management, and security incident and vulnerability response
- Collaborate with stakeholders across the business to ensure controls are understood, embedded and are operating effectively
- Play a key role in ensuring the ISMS documentation remains current, contributing to it in line with enhancements across people, process and technology as we evolve
- Act as a key stakeholder in Governance, Risk and Compliance efforts across the business, including responsibility for the maintenance of the Information Security Risk Register and acting as a member of the Enterprise Risk Forum
- Work with the CISO, Security Architecture and other key stakeholders to drive necessary control improvements on a risk-prioritised basis
- Participate in both external and internal audits of the ISMS and accompanying control environment
- Develop key risk-related metrics and report on these at various governance fora, including Board
What you need:
- 5+ years' experience in a relevant area
- University degree in a relevant discipline is a MUST
- Knowledge of Cloud deployment models and how to assess and monitor risk in these environments would be very useful
- Demonstrable experience of implementing risk & control frameworks (e.g. ISO27001, PCI DSS, COBIT, NIST)
- The ability to understand technology and the types of controls available to effectively mitigate risk
- Strong documentation, reporting, communication and interpersonal skills required
What else we value:
- Security/Audit Certifications (CISSP, CISA, CISM, CRISC, etc.)
- A proactive individual who gets things done with limited supervision
- Experience working in an Agile environment
We take pride in offering an energetic and contemporary employee experience, supported by an array of benefits that provide our employees and their families with flexibility, quality and value. These include excellent health insurance, a contributory pension scheme and free lunches!
Founded by Mastercard and IBM, Trūata delivers privacy-enhanced data management and analytics solutions to help clients unlock business growth while protecting customer privacy. Trūata has recently been awarded ISO 27001:2013 certification for its Information Security Management System (ISMS). We are based in Sandyford, Dublin 18.