.D-ploy is an IT and Engineering Solutions company with operations throughout the EMEA region including Switzerland, Germany, Czech Republic, Austria, UK, as well as the USA.We pride ourselves on delivering innovative and superior services and solutions to numerous industry-leading clients. By building relationships and trusted partnerships within the IT community, we optimize our customer's IT productivity and contribute to the organization's success and value.We are interested in talking to engaging, flexible, and solution-oriented individuals who are looking to become a part of a dynamically growing and international organization. We are focused on creating value where IT counts, join us!Tasks and ResponsibilitiesSupport the design and improvement of the information security framework (ISF): policies, controls, procedures using the NIST Cyber Security Framework; including third party risk management.Assess new and existing systems, data flows, business processes, and third party providers engagements and services to implement and verify compliance to the ISF reporting identified risks and issues to systems, processes and third party providers owners.Perform information security risk assessments such as but not limited to: security business impact analysis (BIA) and business dependency analysis; security controls plans; controls maturity assessments; third party provider risk profiling, risk assessments and audits.Maintains the information security risks and issues registers, deliver high quality reports and run information security committees meetings with business and IT mangement to manage risks.Support the design and improvement of the third party information risk management policies, controls and procedures. Assist or lead assessment of information security risks arising from engagement with third party providers and drive remediation efforts.Drive the design and implementation of a GRC platform including functional requirements, reviewing process designs, rolling out the new processes to the business and IT teams.Support in the administration and maintenance of the GRC tool.Design, improve and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity in our business processes.Designs, and delivers the security education training awareness program (SETA) across all business functions. Manage external resources supporting the security awareness activities.Desirable: Experience in implementing controls and managing compliance risks in regards to GXP regulated systems, data protection regulations such as EU and UK GDPR, CCPA, and cyber security regulations such as the EU NIS2, and the USA SEC Disclosure Requirements