For a first-class company, we are looking for a Security GRC Officer:
Requirements / Skills
The SGRC Officer is part of the team responsible for delivering governance, risk management, and compliance elements of the information security strategy. This includes creating information security policies, managing information security risks, providing training, and reviewing information security procedures.
Typical Duties and Responsibilities
Implement security controls, risk assessment frameworks, and programs that align with regulatory requirements, ensuring documented and sustainable compliance that supports the company's business objectives.
The Security GRC Officer will develop, implement, and maintain security governance, risk management, and compliance strategies to protect the organization's information assets. This role requires expertise in regulatory frameworks, risk assessments, and policy enforcement to ensure compliance with industry standards and cybersecurity best practices.
Key Responsibilities :
1. Governance :
2. Develop and maintain security policies, standards, and frameworks in line with industry best practices (e.g., ISO 27001, NIST, PCI-DSS).
3. Ensure alignment of security governance with regulatory and business objectives.
4. Work closely with internal and external auditors to support compliance audits and assessments.
5. Identify, assess, and mitigate security risks across IT and business functions.
6. Conduct risk assessments and implement control measures to protect critical assets.
7. Develop and maintain the organization's risk register, ensuring timely reporting and risk mitigation.
8. Collaborate with stakeholders to improve the organization's security risk posture.
9. Compliance :
10. Ensure compliance with local and international banking regulations (e.g., GDPR, PSD2, SWIFT CSP).
11. Monitor changes in security regulations and update policies accordingly.
12. Conduct security awareness programs and training for employees.
13. Manage security incidents, investigations, and reporting in line with regulatory requirements.
This position is typically office-based with options for remote work (homeworking). It may require on-call availability for incident response.
Qualifications & Experience :
Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field.
Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor / Implementer are highly preferred.
Strong knowledge of regulatory requirements, risk frameworks, and control methodologies.
Experience with third-party/vendor risk assessments and audit processes.
Excellent analytical, communication, and problem-solving skills.
Languages : Italian, English (German is a plus).
#J-18808-Ljbffr