Risk Manager

Full Time
Remote
$90,000 - $95,000 a year
Posted Just posted
Job description

SAC is a consulting and staffing company based in Seattle specializing in Governance, Risk and Compliance for cyber security across various industry verticals, including Finance, Insurance, Healthcare and Public Sector.

We are currently recruiting for an international insurance and finance company. The details about this role are mentioned below:

About our client

With a global team of more than 6,000 professionals, our client is a specialized professional services and technology firm partnering with leading organizations in highly regulated and global businesses including insurance, financial services, utilities, and regulatory bodies.

Our client helps manage risk, operate core business processes, and transform and grow. Our client delivers operations, consulting and technology solutions across the risk and insurance value chain, including excellence in claims, underwriting, distribution, regulation, customer experience, human capital, transformation and change management.

Job Overview

We are looking for an Information Security & Risk Manager to lead compliance and alignment of the division(s) with the Group’s Information Security policies and frameworks, including identifying potential compliance gaps and assessing and mitigating all identified issues, while working with the cyber team supporting the division(s) in managing incidents or breaches. You will engage proactively across the division(s) to drive continuous improvement and ensure that information and cyber risks are identified and that appropriate risk treatments are utilized in line with business objectives. You will maintain a hands-on approach to InfoSec and Risk, which includes maintaining the ISO27001:2013 certification and other industry standard frameworks, and demonstrate an ability to work collaboratively with various stakeholders to ensure success with all InfoSec, Risk and GRC related programs. You will be a key part of the team, working within a global professional services and technology firm that prides itself on providing the highest standards of service to its.

Responsibilities and Duties

  • Ownership of divisional ISO 27001 management system (ISMS) and its ongoing maintenance and improvement across the aligned Division(s)
  • Perform internal audits per schedule or on an as-needed basis
  • Capture and document ISO objective metrics and report centrally
  • Present divisional updates to the Information Security & Risk Management Committee
  • Recommend and implement procedures to comply with ISO27001
  • Collaborate with the Group Head of Risk and Infosec to develop the InfoSec strategy and maintain an on-going program of security testing
  • Identify vulnerabilities or failures in Information Security and drive appropriate improvements
  • Liaise with HR/IT/Cyber teams to deploy a program of security awareness and training
  • Review 3rd party security controls and respond to partner security due-diligence requests

Qualifications

  • Valid Professional certification (ISO 27001 Lead implementer/CISM/CISSP/CRISC)
  • Working knowledge of privacy and data protection regulations and best practices
  • Comfortable performing regular internal audits
  • Develop and implement policies that balance business objectives and information security
  • Working knowledge and ability to execute infosec best practices and approaches

Experience

  • 5+ years of experience in an InfoSec & Risk Management role
  • Significant experience maintaining ISO27001 and managing external audits is required
  • Demonstrable experience in building relationships across the organization to develop buy-in to InfoSec matters
  • Proven experience of assessing and managing risk

Knowledge, Skills, & Abilities

  • Self-starter with an ability to define and drive deliverables from inception to completion
  • Excellent communication skills to collaborate and lead audiences ranging from technical staff to managerial to leadership roles within the organization
  • Exceptionally well organized and focused with a high level of attention to detail
  • Dedicated to the security discipline but pragmatic and adaptable with the tenacity to get things done
  • Continuously strives to improve self and surrounding team members
  • Discretion when handling confidential information

Essential Requirements

  • Travel up to 25%

Job Type: Full-time

Pay: $90,000.00 - $95,000.00 per year

Experience:

  • Information security manager: 4 years (Required)
  • ISO 27000: 2 years (Required)

Work Location: Remote
