Korek Telecom

303 views
Governance, Risk and Compliance Expert

Job Overview

Summary

The Governance, Risk, and Compliance Expert is responsible for the assessing and documenting of the Enterprise Security’s compliance and risk posture as they relate to the its information assets.

Key Responsibilities
  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
  • Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls.
  • Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, ISO27001/2, PCI DSS, NIST and FISMA.
  • Work with Internal Audit, external auditors and outside consultants as appropriate on required security assessments and audits.
  • Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes.
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light.
  • Provide guidance, evaluation and advocacy on audit responses.
  • Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
  • Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
Competencies
  • Experience in Information security in Telecos, ISPs.
  • Skills in documenting risk and compliance activities.
  • Information security related training or certifications such as CISSP, CGEIT, or CRISC.
  • Experience performing information security audits or risk assessments.
  • Must be able to assess computer hardware, software, and systems for security risks or violations and work with enterprise units and technology vendors to recommend solutions.
  • Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
  • Perform contingency planning (IR, BC, DR) with BCP/DR committee.
  • Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
  • Good knowledge in Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
  • Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration knowledge.
  • Information systems auditing, monitoring, controlling, and assessment process knowledge.
  • Incident response management skills.
  • Good knowledge in risk assessment and management methodology.
  • Familiarity with security auditing processes.
  • Must be familiar with dashboard creation.
  • Must have an understanding of enterprise policy development and dissemination.
  • CRISC, CISSP, CGEIT or similar certifications.
Language
  • English (required)
  • Kurdish (required)
  • Arabic (preferred)

 

  • Number Of Positions: 1
  • Experience: More than 10 years of work experience in relevant field.
  • Education: Bachelor in Information Technology or any related field.
  • Location: Erbil

Get social with us