
GRC Security Expert

Ukraine, posted today

The role is for a GRC Security Expert responsible for managing and implementing information security processes, compliance, and risk management within a global organization, with a focus on security governance, audits, and regulatory requirements.

Location: Ukraine

Responsibilities

  • Define, establish and implement organizational information security processes to meet business, regulatory, legislative and contractual requirements.
  • Manage internal and external ISMS audit processes, monitor effectiveness of controls and corrective actions.
  • Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS and other regulatory security audits.
  • Coordinate external security audits, assessments and testing as well as remediation plans development and implementation.
  • Identify, assess and monitor information security risks and recommend mitigation measures.
  • Develop content, coordinate and facilitate a comprehensive organizational information security awareness training program.
  • Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.
  • Develop, coordinate and maintain information security policies, procedures and other security related documents.
  • Analyse, map and communicate information security requirements that derive from legislative and regulatory obligations in various jurisdictions.
  • Serve as project manager/lead within security projects.
  • Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs.

Requirements

  • Proven experience (3+ years) across the security governance, risk and compliance domain.
  • Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts.
  • Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities.
  • Experience in leading PCI DSS, ISO 27001:2022 and SOC/ISAE402 certification and surveillance audits as well as leading and supporting information security risk assessments and management process.
  • Bachelor’s Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.
  • Professional certification (CISSP/CISM and ISO 27001 Lead Implementer/Auditor or similar).
  • A proactive, self-motivated approach and ability to work independently within a global security team.
  • Very good written and spoken English.

Benefits

  • Prior experience working within a SaaS/Online Gambling organization.
  • Technical experience in IT infrastructure, networks, databases, or software development.

Additional Information

  • Thrive in a culture that values initiative-taking and a confident approach at the workplace.
  • Global scope and inclusive working environment.
  • Constant learning and development opportunities.
  • Active lifestyle and mental well-being.
  • Fun and engaging company events.
