Cybersecurity Governance Consultant, Geneva, Senior
Within the Project Office Section, seeks an APW to provide Security Governance services to facilitate the execution of projects that are either internal or carried out externally to provide a service to a partner.
About the position
Under the direct supervision of the Lead, Cybersecurity Governance:
- Develop, implement and monitor strategic, comprehensive enterprise information security and IT risk management programs to ensure that the integrity, confidentiality and availability of information is managed and controlled by client organisations.
- Provide regular reporting on the current status of the information security program to senior management and business units as part of a strategic enterprise risk management program.
- Implement governance programs including an information security steering committee or advisory board.
- Create, communicate and implement a process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organisation on identifying acceptable levels of residual risk. Report and oversee treatment efforts.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Coordinate information security and risk management projects. Provide strategic risk guidance for IT projects.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, sensitive data and the organisation’s reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Develop and oversee effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organisation maintains an appropriate security posture.
- Manage information security specialists and consultants.
- Perform other related duties and fulfil responsibilities as required.
- University degree (Bachelor’s degree) or equivalent experience in computer science, information systems, mathematics, statistics or a related field.
Functional Knowledge and Skills:
- Minimum of seven years’ experience in information security, risk management, IT security, security incident response or security testing roles.
- Experience in developing information security policies and procedures, as well as successfully executing programs.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, etc.
- Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business and technical units so that the organisation can make informed decisions regarding appropriate levels of information security control.
- Strong analytical and problem-solving skills.
- Ability to act calmly and competently in high-pressure, high-stress situations.
- Excellent written and verbal communication skills, interpersonal and collaborative skills.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
- Ten (10) years or more of progressively responsible professional experience in information technology and/or a related area, including at least five (5) years working in information security.
- Experience in medium-sized/complex projects.
- Experience in managing / working in large ICT programs.
- Experience in producing technical documentation, including user requirement documents and proposals in response to project requirements.
- Experience in drafting processes and procedures documentation.
- Experience in working with Microsoft Office tools and Microsoft Project.
- Certification in CISM, CRISC, CGEIT, CISSP.
Functional Knowledge and Skills:
- Experience in achieving and maintaining ISO 27001 certification.
- Three years’ experience working in security consulting engagements.
- Project management skills and ability to manage multiple projects under strict timelines.
- At ERNI, you will work with more than 800 highly qualified specialists: they will be your colleagues, partners and supporters, based in Switzerland, Germany, Spain, Slovakia, Romania, the Philippines and Singapore.
- Together, we will plan your career methodically. We offer clear career paths that will allow you to develop your potential.
- You will take part in events and talks that will help us grow together.
- You will work in an environment of trust, passion and a sense of responsibility, within a prosperous and rapidly expanding company.
About the recruiter
Brulhart Elodie (ERNI)
ERNI was founded in 1994 in Switzerland to develop innovative software for international companies and small to medium-sized enterprises. Today, the ERNI Group has more than 800 employees at 15 locations in 7 countries and continues to grow. Interested?