GRC Security Expert is part of Governance Risk and Compliance team. GRC Security Experts main focus is planning, establishing, developing, managing and implementing a security governance, risk and compliance framework that meets external and internal stakeholder expectations and is aligned to best security practice, as well as to regulatory and legislative requirements.
Your Role and Responsibilities
• Define, establish and implement organizational information security processes, to ensure business, regulatory, legislative and contractual requirements and obligations are met.
• Manage the internal and external ISMS audit processes, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization.
• Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS and other regulatory security audits.
• Coordinate external security audits, assessments and testing as well as remediation plans development and implementation.
• Identify, assess and monitor information security risks and recommend mitigation measures.
• Develop content, coordinate and facilitate a comprehensive organizational information security awareness training program.
• Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.
Job Title GRC Security Expert
Reports to GRC Security Manager
Organizational Unit Information Security Department
Location Kiev, Ukraine
• Develop, coordinate and maintain information security policies, procedures and other security related documents.
• Analyze, map and communicate information security requirements, that derive from legislative and regulatory obligations in various jurisdictions.
• Serve as project manager/lead within security projects.
• Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs.
Qualification, Skills & Experience Required
• Proven experience across security governance, risk and compliance domain.
• Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts.
• Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities.
• Experience in leading ISO 27001:2013 and PCI DSS certification and surveillance audits.
• Experience in leading and supporting information security risk assessments and management process.
• Pro-active, self-motivated approach and ability to work independently within a global security team.
• Bachelor’s Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.
• Professional certification (CISSP/CISM and ISO 27001 Lead Implementer/Auditor or similar).
• At least 3 years of experience in Information Security.
• High proficiency in written and spoken English.
• Prior experience working within a SaaS/Online Gambling organization.
• Technical experience in IT infrastructure, networks, databases or software development.
• GRC Security Expert has the authority to initiate, plan, define and perform any and all tasks, assignments and processes, described in the “Role and Responsibilities” section of this document, to fulfill the responsibilities associated with GRC Security Expert position.
• The authority of GRC Security Expert is sanctioned by Playtech’s Senior Management and derives from the formal approval of the role definition and establishment process.