Company Description: We are SGS – the world's leading testing, inspection and certification company.
We are recognized as the global benchmark for sustainability, quality and integrity.
Our 99,600 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world.

Job Description: The Senior GRC Security Engineer will be part of the Technical Security Office (TSO) and will play a critical role in protecting the organization's assets, ensuring regulatory compliance, and managing cyber risk.

Specific Responsibilities:

Implementation and Monitoring of Security Controls: Manage the technical security architecture of the organization, implement protective measures, and ensure their effectiveness across the IT environment.

Development of Security Policies and Procedures: Create, review, and update security policies, procedures, and hardening guides to ensure regulatory compliance and best practices.

Support for Customer Assessments: Provide support for customer-requested security evaluations, ensuring alignment with the organization's security standards.

Management of Security Exceptions: Evaluate, manage, and document security exception requests, ensuring associated risks are appropriately controlled.

Support to Business and IT on Security Requirements: Advise business and IT areas on matters related to information security requirements, ensuring that controls are effective and integrated into operational processes.

Support for Third-Party Audits: Collaborate on external and internal audits, including ISO 27001 certification audits, financial audits, ITGC (IT General Controls), and other compliance reviews related to information security.

Projects: Conduct security assessments, findings, product evaluations, and propositions for further system security enhancement and S-SDLC.

Compliance and Audits: Ensure compliance with information security regulations (ISO 27001, GDPR, NIST, NIS2, EU AI Act, etc.) and assist in internal and external audits.

Governance and Risk Management: Participate in the development and review of security policies, as well as in the identification, assessment, and mitigation of cybersecurity risks.

Evaluation of Security Technologies: Participate in the assessment of security technologies, and identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure.

Collaboration Across Departments: Work with IT, Development, Business lines, and Human Resources departments to ensure that security controls are effective and that policies are correctly applied.

Business Continuity: Design and document business continuity strategies to minimize disruptions in operations due to unforeseen incidents, such as cyber-attacks, natural disasters, or system failures, ensuring BCP aligns with organizational risk management strategies and regulatory requirements.