Job title: Security Assurance and Advisory Lead – Remote
Company: Randstad
Job description: We’re looking for a Security Assurance and Advisory Lead to join our team in a permanent-full-time capacity.
This role is 100% work at home.
PURPOSE OF THE ROLE: The Assurance and Advisory Lead will execute, develop, and support the Manager of
GRC with planned Corporate projects, focusing on identifying technology and business risks, compensating …
controls, and opportunities for improvement in internal controls.
Responsibility Breakdown
Internal Quality Control, Assurance & Advisory 40%
– Manage and oversee risk and ensure quality control procedures are executed across the enterprise.
– Perform security audits and risk assessments on new or existing solutions.
– Manage the domain of Advisory and Assurance services and continue to improve efficiencies.
– Validate security controls for Information Technology teams and vendors.
– Identify, propose, and implement security methodologies and tools that simplify security testing and
discovery activities.
– Support business units in identifying improvement opportunities to manage risk and apply quality control
throughout existing applications/systems, processes, and projects.
– Identify and assess technology solutions and business risks, identifying internal controls to mitigate risks.
– Provide subject matter expertise in selecting and tailoring existing risk management approaches,
methodologies, and tools to support and secure services and products.
Risk Management 30%
– Assess projects and IT changes for compliance with security policies and the regulatory landscape.
– Identify areas of information security compliance vulnerability and risk within new and existing projects,
processes, and technologies.
– Perform strategic threat risk assessments, identifying key business risks and threats within projects, existing
processes, leading communication, and reporting of identified risk and risk remediation plans.
– Review and evaluate existing processes and projects to benchmark security compliance with industry
standards.
– Present and communicate risk status to senior management.
– Continue the development and management of the TRA and advisory services program.
Project & Team Management 15%
– Identify scope and objectives of projects, gaining an understanding of the business, and managing
resources needed to conduct risk identification, risk mitigation, and risk compliance assurance activities.
– Support and facilitate practice development in information security assurance and advisory engagement
activities, simultaneously overseeing and managing multiple projects.
– Lead and manage outsourced commodity vendor and Third-Party Risk Management provider specific to the
advisory and assurance function
Change Management 15%
– Lead and drive change across the enterprise in implementing and improving existing risk management
methodologies to ensure stakeholder buy-in and effective integration of risk management methodologies in
business practice.
– Integrate and align risk management methodologies to other organizational initiatives:
o Identify and mitigate barriers to success.
o Ensure risk management methodologies are adopted within existing processes and programs.
o Identify change management needs in staffing, training, communications, and organizational
designs.
o Support and coordinate security training and awareness material that identifies and communicates
information on security compliance trends to employees.
Requirements:
– 8+ years of direct experience in an information security risk management and compliance role and several years of experience within the healthcare sector
– The successful candidate has lots of experience working in the healthcare industry.
– Expertise in evaluating security controls, conducting risk assessments (including third-party risk management).
– Knowledge and interest in technology including topics such as operating systems, mobile technologies, software development, networking, and business applications.
– Understanding of internal control frameworks including COBIT, ISO 27001, NIST, ITIL, etc.
– Experience in the implementation of ISO 27001 standards and certification
– Knowledge of developing risk reports and control summaries.
– Familiarity with the Internet of Things (IoT) devices, industrial control systems (ICS), and supervisory control and data acquisition (SCADA).
– Architectural and network security experience.
– Strong writing and interpersonal communication skills.
– The ability to handle multiple projects simultaneously.
– Exhibits intellectual curiosity and analytical thinking.
– Bachelor’s degree or Diploma in IT, Business Technology Management, or any related technical field
– Designation (if applicable): One or more relevant security certifications (CISA, CISSP, CPA, CISM, CRISC, GSNA, GCCC)
For immediate consideration, please send resume to Edwin.chang@randstad.ca
ADVANTAGES
A chance to work with one of Canada’s largest health industry organizations, alongside top leaders in the security world.
SUMMARY
The Assurance and Advisory Lead will execute, develop, and support the Manager of
GRC with planned Corporate projects, focusing on identifying technology and business risks, compensating
controls, and opportunities for improvement in internal controls.
Expected salary: $100000 – 120000 per year
Location: Toronto, ON
Job date: Wed, 23 Dec 2020 04:12:18 GMT