Churchill and Harriman

SUMMARY OF ROLE AND OBJECTIVES:

The Transitions Security Consultant is bridging between businesses undergoing transition (integration with corporate IT landscape), the IT Transition & Transformation teams and the Information Security & Business Continuity GSC (group security department). He/she is in charge of supporting the implementation of Information Security policies by Legal Entities under transition. He/she supports the local business and the transition teams to identify relevant Information Security requirements for transitions and facilitates establishing cooperation between a Legal Entity after transitions with the Information Security department.

ROLE & OBJECTIVES:

Specific Assignments:

• The main responsibilities of the Transitions Security Consultant are:
  • Support the business and the transitions teams during integration projects;
  • Executing self-assessments based on ISO27000 to measure the security status;
  • Review the security architectures proposed during the transitions and advise the business and the transition teams in analyzing the risk and prioritizing tasks;
  • Execute the entity’s awareness program;
  • Bridge Information Security requirements to business processes and business infrastructure (e.g. physical access control, alarm systems, etc.) and ensure that both technical implementations and processes are aligned during transition and after.

Other Assignments:

• Update Information Security Reporting and KPIs.
• Manage execution of localized Information Security specific projects.

EVOLUTION:

The entity is still building up their Information Security and Business Continuity organization with documented success of the information security organization, local as well as international opportunities for further development of the candidate will materialize.

QUALIFICATIONS AND EXPERIENCE REQUIRED:

Minimum of 5-7 years of professional consulting or enterprise experience as an Information Security or IT Security / IT Audit professional.

Required

• Experience in the reviewing proposed solutions from security standpoint
• Solid experience in Information Security standards, such as
  • ISO 27000
  • NIST cybersecurity framework
• Solid experience in translating Information Security requirements into IT Security controls and measures
• Experience in understanding business requirements and aligning them with Information Security Policies;
• Skilled in performing risk assessments & classifying information assets
• Ability to work with limited supervision

Appreciated

• Relevant Information Security Certifications such as CISM, CISA, CISSP or equivalent

Personal profile

• Strong communication skills (concise writing and orally convincing);
• Strong interpersonal relation skills;
• Ability to work in a complex international environment with a remote reporting line;
• Eager to learn and continuously develop personal and technical capabilities.

Education required:

• B.Sc. or M.Sc. in Information Technology or Information Security;
• Languages: fluent English;
• Driving License: yes.

Position includes Travelling:

• 40 – 60 % within and occasionally outside geographical scope;
• Percentage of time: 100%
• Driving license required: yes

Job Summary: Reviewing, creating and implementing a strategy for the deployment of information security technologies, tracking latest IT security innovations and keeping abreast of latest cyber security technologies, ensuring business resilience and continuity, communicating with key stakeholders about IT security threats, implementing an effective process for the reporting of security incidents, developing strategies to handle security incidents and trigger investigations, complying with the latest regulations and compliance requirements

Responsibilities and Duties

• Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
• Running security audits and risk assessments
• Delivering new security technology approaches and implementing next generation solutions
• Ensuring compliance and governance is met
• Driving change projects and building new IT capabilities
• Devising strategies and implementing IT solutions to minimize the risk of cyber-attacks
• Reviewing, analyzing and delivering data information
• Communicating digital programs and strategy to a range of stakeholders

Competencies:

• Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
• A passion for technology and security safeguarding with a desire to deliver
• Thrives on change, showing an impressive ability to drive the IT security strategy forward
• Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management
• Strong customer focus – able to meet the demands of internal and external customers
• Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders
• Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands
• Forms business partnerships that help drive the IT security strategy forward
• Can make decisions that are well informed and timely
• Creative thinking – able to look at alternatives and consider new ways of thinking to problem solve
• Innovation: Displays original thinking and creativity; meets challenges with resourcefulness; generates suggestions for improving work; develops innovative approaches and ideas; improves processes, products and services
• Writing and editing: Demonstrates the competency required to present complex concepts in language accessible to non-technical and non-specialist personnel; must accurately edit the work of others; produces written works of their own or others that is completely mature, grammatically sound and effectively communicates required concepts and directions

Language Skills: Proficient in English. Ability to read, analyze, and interpret IT-specific questionnaires and documentation as it relates to functional area. Ability to read and write reports and business correspondence. Ability to effectively present information and respond to questions.

Reasoning Ability: Ability to define problems, collect data, and establish facts with accuracy and thoroughness; ability to draw valid conclusions. Ability to comprehend and interpret abstract and concrete variables.

Decision-Making: High degree of decision-making responsibility, can operate effectively and in alignment with general guidance without constant referral to senior management.

Education and/or Experience:

• Bachelor’s degree from four-year college or university
• Eight+ years related experience and/or training in the following:
  • Developing security policy & procedure
• Desirable to have one or more of the following certifications:
  • CISA
  • CTPRP
  • Certified ISO 27001 Lead Auditor
  • CRISC – Certified in Risk and Information Systems Control
  • CSMP

SUMMARY OF ROLE AND OBJECTIVES: This position is a contract role estimated to be 6 – 12 months in duration and the individual will be responsible for developing, and supporting the build and maintenance of risk driven policies, standards, and controls framework established for a financial services enterprise.

ROLE & OBJECTIVES:

• Review, test, and evaluate information risk policies, standards and controls. Suggest improvements and report on standards and controls conformance
• Refer areas of non-conformance to accountable individuals for appropriate and timely remediation to ensure an effective overall system of controls 
• Interface with internal team members and key stakeholders to provide visibility into identified gaps
• Collaborates with other control areas including Corporate Audit, FRR/SOX and IT Controls to oversee and report on IT conformance
• Participate in coordinating the annual recertification of information risk policies, standards, and controls. Controls will be developed by the teams most responsible for the work in collaboration with other subject matter experts
• Participate in developing a self-service solution for visibility into policies, standards and controls (role applicability and conformance)
• Evaluate existing information risk controls and consult with technology or process owner in developing of new controls, as needed
• Communicate and champion the policies, standards and controls
• Strengthens ownership & accountability for control conformance
• Implement excellent oral and written communication skills, including ability to make effective presentations, create any necessary controls governance artifacts, create and deliver policies, standards and controls awareness or training artifacts, and interact effectively with multiple levels of employees and management
• Provide ongoing communication of conformance posture for enterprise with respect to information risk policies, standards and controls, including providing regular status updates
• Manage multiple tasks and perform work with a reasonable level of supervision

QUALIFICATIONS AND EXPERIENCE REQUIRED:

• Must have exceptional communication (written and verbal), collaboration and influencing skills. 
• Demonstrated experience with process execution and improvement
• Demonstrated analytical and diagnostic skills required
• Prior experience in auditing, controls assurance, quality assurance, or business analysis
• Excellent interpersonal skills to develop productive, positive working relationships with stakeholders to achieve goals
• Intermediate MS office and business software skills

Preferred Qualifications:

• CISA Certification or ITIL Foundations Certification
• Experience with information risk controls or enterprise level IT systems
• Knowledge with IT frameworks such as COBIT, ITIL, ISO, NIST.
• Experience with GRC workflow application
• Bachelor’s degree in Computer Science, Business Administration or 8-10 years of equivalent experience in information security governance concepts.

Job Location

• Position is located in the Hartford CT/Springfield MA region