GRC Manager at First Point Group

Key Responsibilities
The following key activities are in scope for the ICT Assessment that would benchmark a bank’s IT against banking best practices and provide recommendations. The security assessment will include the following:

• Security Vision, Risk view & Compliance Management Requirements Study relative to industry.
• Study of Organizational Structure, Current Roles and Responsibilities & proposal for future organisation.
• Analysis of existing Security Processes, technology architecture and Programs.
• Study of Security Awareness across the organization.
• Initial run of best fit Information Security Benchmarking Methodology and Process for FBN including handover to internal team.
• Development of detailed security strategy and roadmap.
• Only IT Processes and related infrastructure is in scope
• Policies and prioritized assets shall be subject to review for the purpose of identification of gaps, where the assets shall be prioritized during the initial phases of the assessment

Requirements

• Experience in working in security the Banking domain (mandatory)
• Worked on Projects involving security benchmarking (mandatory)
• Experience in working in information security risk management, control assessment, and in guiding the client through Control Implementation (mandatory)
• Proven customer handling skills of senior stakeholders of client organization, e.g. CISO, CIO (mandatory)
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions
• Exposure to industry acclaimed information governance, risk and security standards/frameworks and professional practices (NIST, ISO, COBIT, ITIL, ISSA, etc.)
• Knowledge of the typical information risk and security operational practices
• Knowledge of information security related solutions, tools and utilities
• Bachelor’s degree (four-year college or university) in Business Administration, Computer Science, Information Systems, Engineering or related field, or equivalent combination of education and experience

Certifications:

• CISA or CISM (Mandatory)
• ISO 27001 Lead Auditor, CISSP, CGEIT, or CRISC certification(s) (Desired)
• ITIL Foundations (or higher) certification (Desired)
• COBIT Foundations certification (Desired)