With a primary focus on the overall compliance of BMIT Technologies, as an Information Security (GRC) Specialist you will be responsible for implementing and maintaining the controls, processes and audits required to establish, maintain and improve BMIT Technologies'
- Information Security Management System (ISMS)
- PCI DSS Compliance
- Other BMIT compliance programmes
Overall, this would include:
- Overall management of BMIT’s compliance programmes including ISMS and PCI DSS
- The implementation and maintenance of policies and procedures
- Leading security awareness campaigns across all organisations
- Supporting the internal teams with regulatory security requirements, focusing on ISO27001 and PCI DSS
- Coordination of GDPR requirements and liaison with BMIT’s DPO with respect to GDPR related matters
- Supporting internal audits, e.g. through data analysis, system audits and functional audits of IT environments
- Analysis and evaluation of IT-supported business processes with regard to business efficiency and quality, possible risks, and compliance with internal and external requirements
- Compliance project management and implementation in coordination with other stakeholders, both internal and external
- Develop and maintain BMIT’s Information Security related policies, procedures, and work instructions.
- Ensuring the continual improvement of BMIT’s ISMS, PCI DSS and GDPR programmes
- Assisting with the design of information security processes, policies, and procedures
- Performing periodic audits of key security controls and processes to ensure their operating effectiveness
- Contributing to the development of appropriate security KPIs, objectives and strategies to improve BMIT’s security posture and security maturity
- Maintain and improve the security education, training, and awareness framework.
- Performing information security risk assessments
- Maintaining BMIT’s Security Risk Register and liaising with other relevant parties within the organisation
- Contributing to the ISMS Committee
- Providing advice on ISO27001, PCI DSS and other relevant compliance standards
- Participate in regulatory audits and assist Legal and Compliance teams as may be required.
- Assist teams in supplier onboarding risk assessment process
- Project-managing assigned projects: developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility
- Perform assignments from beginning to end (identification of risks, controls, weaknesses, recommendations, best practices, sampling, reporting, etc.)
- Identify significant risk exposures relating to control processes and make appropriate recommendations.
- Perform IT audit action item follow-ups on previously raised findings.
- Establish and maintain relationships with internal departments as well as third parties/vendors
- You have worked for an auditing company in the field of IT audit/IT advisory for at least 2 years, or have comparable experience in industry (e.g. IT compliance, ISO27001, ITIL, IT security)
- Bachelor’s degree in Information Systems, Computer Science or a relevant area.
- Good understanding of ISO27001 and SOC requirements
- Knowledge of GDPR Law
- Ideally, you have certifications such as CISA or CISSP
- Natural problem solver, having a pro-active approach, self-motivator and self-driven
- Excellent written and oral communication ability in English
- Strong work ethic, methodical and good attention to detail
- Sound decision-making ability and the ability to deliver quality work under pressure
- Ability to multitask and prioritize tasks that are important and urgent
- Ability to understand complex issues and resolve them in an accurate and timely fashion
- Strong willingness to learn
- You take responsibility for projects that may be complex.
- Experience in managing a team would be considered an asset