Information Security Officer GRC

Job Title: Information Security Officer GRC
Location: Sydney
Reference: 31893434
Contact Name: reece
Job Published: November 16, 2020 13:47

Job Description

We're working with a prestigious national Australian organisation who are looking for an Information Security Governance Specialist who assists the Information Security Manager to assess and evaluate business data/ information risks, relevant data protection and privacy regulations, as well as applicable industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001/ ISO 27002 leading practices. You will assist in formulating, implementing and maintaining data/ information security governance frameworks, policies, processes and practices across the organisation. You will also assist in identifying and managing third-party related risks, following up on risk mitigation actions with relevant internal and external stakeholders, and maintaining up-to-date records of third-party related risks.

What you will be responsible for:
  • Establish, build and maintain strong relationships with business unit management
  • Formulate and maintain data/ information security governance frameworks, policies, processes and practices aligned with applicable data protection and data privacy regulations, contractual obligations, Payment Card Industry Data Security Standard and ISO 27001/ ISO 27002 leading practices.
  • Communicate data/ information security governance priorities across the organization and plan, coordinate, monitor, report and advise on the status of key priorities
  • Coordinate, implement and maintain tools, processes and practices to support the effective implementation, operation and continual improvement of the Information Security Management System across the organization
  • Embed data protection and data privacy regulations, contractual obligations, PCI DSS requirements and ISO 27001/ ISO 27002 leading practices
  • Establish, implement and maintain effective tools, processes and practices to support Incident and Problem management
  • Establish, implement and maintain effective tools, processes and practices to enhance data/ information security awareness across the organization
  • Maintain up-to-date knowledge of relevant government and state regulation as well as the nature and type of business operations to enable effective assessment of data/ information security risks
  • Maintain up-to-date business data/ information risk registers (legal/ regulatory requirements, systems/ information ownership, user access matrices, awareness training, suppliers/ third parties, supplier security assessments, PCI DSS compliance, risks/ corrective actions, security exceptions, etc.)
  • Formulate and maintain up-to-date information stores, user guides and advisories to assist business managers/ information owners effectively manage data/ information security risks
  • Coordinate, facilitate and/ or conduct information security and PCI DSS awareness and training
  • Coordinate necessary business legal and regulatory compliance assessments in relation to data/ information governance and security.
Position Selection Criteria: Technical Competencies
  • Five years’ experience covering business analysis, information security and project management
  • Experience in assessing and managing business process, supplier, system, IT and project risks
  • Experience in ISO27001/ ISO27002 and other information security risk management frameworks
  • Experience in facilitating workshops and focussed business meetings to achieve consensus
  • Good understanding of data protection and privacy regulations
  • Good understanding of PCI DSS requirements, payment touch-points and related business process
  • Degree qualified or significant experience in Information Security, Business Analysis or Project Management
  • Significant experience in managing/ coordinating business-focussed data/ information security governance projects
  • Experience in conducting data/ information security governance workshops and user awareness sessions
  • One or more IT/ information security certifications will be considered an added advantage (CISSP, CISM, CISA, ISO27001 Lead Auditor/ Lead Implementer).
If you are interested in hearing more about this role, apply now!