We are looking for a security consultant to be part of the GRC projects for one of our clients.
What are we looking for?
We are looking for people with technical education (Advanced cycles of professional training, Bachelor's degree in Computer Science, a related field, or equivalent) with 3 years of experience in security risk assessment, security audit and compliance and/or security risk remediation roles.
Fluency in Spanish and English is required.
We value experience in: Building automated solutions for large data sets, KPI monitoring and security dashboards.
A solid background in designing and providing Information Security solutions within a Financial Services company.
Ability to audit vulnerabilities and provide/validate risk remediation action plans.
Good knowledge of cloud security (Microsoft Azure, AWS).
IT/IS assurance experience gained by working on projects.
Good knowledge of current technological trends and developments in the area of information security.
Expert in process design analysis & designing secure solutions.
Experience in receiving Information Security audits and their requirements.
Experienced in defining high quality information security policies and security related processes and procedures.
Knowledge of software development & security, expertise in Secure Development Life Cycle.
Broad knowledge of general and security technology and standards, such as server security, firewalls, networks, TCP/IP, encryption.
Knowledge of ISO Standards ISO27001/2.
Knowledge of PCI DSS.
Knowledge of GDPR requirements and other legislation which govern Information Security.
Any of the following would be a plus: Recognised IS qualification like ISO 27001 Lead Auditor or Lead Implementer.
Experience in internal PCI DSS assessments and delivery of attested SAQs.
Experience in regular reporting on PCI DSS compliance status, action plan execution & KPIs to C-level stakeholders.
Master's degree in cybersecurity.
Relevant certifications such as CEH, OSCP, OSCE, CISSP, CISA, GIAC.
What challenges and tasks can you find in this job?
Collection and monitoring of KPIs defined in company strategy.
Collaborate with and support the Group Security Practice.
Interactions with CSO, CISO, Regional Security Officer and other stakeholders as necessary to ensure presence, quality and effectiveness of processes & controls.
Develop and maintain repeatable, documented processes to identify and collect risk conditions, facilitate remediation, and monitor remediation.
Build automated solutions for risk monitoring and reporting on key risk indicators for GRC and central Security teams, including PowerBI dashboards.
Support, drive and report on entities' risk assessment execution following company defined methodology.
Identifying payment card data flows, defining local Cardholder Data Environments and creating local data flows that include the people, processes and technologies involved.
Regular reporting on ISO 27001 compliance status, action plan execution & KPIs to C-level stakeholders.
Information Security Risk Assessments.
Implementation and development of Information Security Management System.
Information Risk Management: creating risk mitigation plans, data entry, tracking planned activities.
Preparing and conducting security awareness trainings, Information Owner trainings.
Implementing security in the life cycle of projects.
What are we offering?
Type of contract: indefinite full-time contract (from Monday to Friday).
Location: Barcelona, Zaragoza or Madrid (full remote from other locations is possible).
Salary: to be determined.
Flexible Compensation Plan: food card, transport card, medical insurance and training.
Work Life Balance: flexible work environment.