Information Security Specialist (GRC)

Job ID: 595032
Location: Luton
Category: Strategy
Salary: Negotiable
Job Views: 893
Job Type: Full time
Posted: 04.25.2017

As a member of the Information Security - Governance Risk and
Compliance team (InfoSec GRC), you will maintain the confidentiality,
availability and integrity of easyJet's information and information
systems. This will primarily be achieved through identification and
recommendation of risk mitigation treatment plans and by acting as a
subject matter specialist to support the needs of the organization.

You will deliver this through a Governance, Risk and Compliance
framework that:

* Supports the ongoing alignment of Information Security strategy to
business objectives

* Delivers robust governance processes in the delivery of easyJet IT
capabilities

* Manages an effective information security risk management
capability that assesses and reduces risk to an acceptable level

* Implements an ongoing information security compliance programme
that delivers assurance of control performance

* Provides a focal point within easyJet for information security
expertise

The jobholder must have a thorough understanding of the information
security threat landscape, significant risks, technical developments
and directions.

Strong interpersonal skills are essential, as the jobholder must be
able to operate effectively at all levels within and outside of
easyJet.

We are looking for the following skills/experience:

* Minimum of four years in Information Security

* Experience and knowledge of leading information security risk
assessments

* Proven experience in writing Information Security policies,
procedures and standards

* Experience in taking an organisation through alignment, assessment
or delivery of an industry recognised security standard such as
ISO or COBIT

* Ability to harness the commitment and contribution of team members
outside of direct span of control

* Demonstrable experience in creating a sustainable compliance
capability

* Excellent written and oral communication skills

* Ability to conduct and direct research into governance, risk and
compliance capabilities and progression

* Ability to present ideas in non-technical business-friendly
accessible language

* Ability to effectively prioritise and execute tasks in a
high-pressure environment

One or more of the following qualifications are highly desirable:

* Certified Information Systems Security Professional (CISSP)

* Certified Information Systems Auditor (CISA)

* Certified Risk and Information Systems Control (CRISC)