**Job Summary:** Information security risk management and regulatory compliance professional, focused on conducting analyses, tracking action plans, and managing third parties, with experience in executive-level reporting.

**Key Highlights:**

1. Experience in information security risk management and compliance.
2. Knowledge of key standards and regulations (ISO 27001, NIST CSF, DORA).
3. Use of GRC tools and AI-driven automation for efficiency.

**Responsibilities and Duties**

**Risk Management**

* Development and maintenance of risk analyses and control frameworks aligned with ISO/IEC 27001, NIST CSF, ENS, and DORA.
* Tracking of treatment plans: status, progress, and effectiveness of defined measures.
* Monitoring of non-conformities and corrective actions until closure, ensuring traceability and evidence.
* Support in the operation and evolution of GRC tools (Archer, OneTrust, Formalize or similar).

**Third-Party and Supply Chain Management**

* Support in the evaluation and onboarding process of suppliers from security and risk perspectives.
* Lifecycle tracking of third-party risk: periodic assessments, questionnaires, finding management, and continuous monitoring.
* Collaboration in developing and updating the inventory of critical suppliers.
* Support in automating assessment processes using tools.

**Dashboards and Reporting**

* Development and maintenance of risk and compliance dashboards for senior leadership and the CISO.
* Consolidation of metrics and key indicators (KRI/KPI) that clearly and actionably reflect the organization's security posture.
* Support in preparing periodic reports for risk committees, internal audit, and regulators.
* Translation of technical information into executive language to facilitate decision-making.

**Knowledge and Experience**

* **Experience** in information security risk management and regulatory compliance frameworks.
* **Knowledge** of standards and regulations: ISO/IEC 27001, NIST CSF, ENS, DORA, NIS2, and GDPR.
* **Ability** to interpret regulatory requirements and translate them into practical, verifiable controls.
* Knowledge of business continuity and crisis management (e.g., ISO 22301, desirable).
* Experience or knowledge in third-party and supply chain risk management.
* Solid understanding of **cybersecurity technologies and information systems**.
* Proficiency with **GRC tools** (Archer, OneTrust, Formalize or similar). Familiarity with the PILAR tool and the MAGERIT methodology is desirable.
* Ability to **identify and implement efficiencies through process automation and AI tool utilization**, contributing to continuous improvement of GRC operations.
* **English B2.** Reading of international regulations and fluent communication with global teams.