Consultant – Technology Risk Controls & Governance

Description de la mission

Role:
Design and implement controls for technology risk and governance frameworks.
Knowledge of key Technology concepts and capabilities e.g., Privileged Access, SDLC, Identity & Access Management, Data Security, Asset Applicability. i.e., Applications / Installed Software / Cloud.
The areas that the successful candidate would be working within are Identify & Access Management, Systems & Infrastructure Security, Network Security and Data Security.
A good understanding of the relevant local technology risk regulations, best practise, and the associated application to a financial services business; specifically NIST, Cloud Controls Matrix (CCM), PCI DSS, ITIL, Cyber Risk Institute, ISO27001 – with an exposure to FFIEC rules or handbooks an advantage.
Technology Audit, 2nd line technology oversight or 1st line technology risk or controls experience facing off to senior stakeholders is also required.
Technical Skills Sought:
Technology Risk Governance
Information Security / IT Security risk and control (e.g., Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)
Technology focused Regulatory work (e.g., working as a financial services regulator or having experience dealing with regulators)
Technology / Information Security Policy / Procedures management
Beneficial Certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
ISO 27001 Auditor