Information Security GRC Engineer
LUXEMBOURG IT development
Job description
In this role, you will manage the Information Security Risk and Compliance program, work with cross-functional teams, and interface with third parties to support compliance and risk management activities.
Upon joining the team, you will be in charge of the following responsibilities:
Compliance and Risk Management
· Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk;
· Coordinate the treatment of non-conformity with, and exceptions to, the Information Security Policy, norms and laws (ISO27001, GDPR);
· Address technical policy, compliance and regulatory issues;
· Provide efficient contract reviews;
· Contribute to the Security-related sections of the Firm's RFP submission processes;
· Stay abreast of regulatory and norm changes affecting KPMG Business and Information Security (in particular ISO27000 series and GDPR);
Governance and Project Management
· Develop a risk decision framework to help understand critical areas;
· Work with the Information Security Officer, NITSO and QRMP to build cohesive security and compliance programs;
Risk Management
· Establish Risk Management Framework Processes and Tools;
· Coordinate and perform the assessment and analysis of information security risks and monitor compliance with security standards and appropriate policies;
We are looking for a candidate with the following qualifications and skills:
· Master level or equivalent in IT - specialty in Information Security;
· At least 3 years of experience with information security concepts and practices, with experience in Compliance and/or Information Security Risk Management;
· Experience implementing ISMS frameworks in relation to ISO 27001;
· Experience with Information Security Risk Management Framework (ISO27005) and Tools;
· Knowledge of IT Domain (Infrastructure, software development and Data protection);
· ISO27001 Lead Implementer, ISO27005 Risk Manager certification could be an important asset;
· Project management skills;
· CISSP, CISM or similar certifications could be an important asset;
· Fluency in English is required; knowledge of French or German would be an asset.
Interested in learning more about this challenge? We are looking forward to hearing from you!