Security Governance Consultant (REMOTE)
Updated: Jul 4
Client: United Nations
Location: Valencia, Spain or Remote
Application Deadline: 18th July 2021
To apply for this position, please send your resume at email@example.com and mention the job title that you are applying for.
IdealStaffs Consulting is looking for a Security Governance services to facilitate the execution of projects that are either internal to UN or externally done to provide service to a partner. The candidate must be flexible, able to work in a highly collaborative environment, prioritize across multiple competing tasks, and be able to complete tasks on time.
Under the direct supervision of Lead, Cyber security Governance:
Develop, implement and monitor strategic, comprehensive enterprise information security and IT risk management programmes to ensure that the integrity, confidentiality and availability of information is managed and controlled by client organizations.
Provide regular reporting on the current status of the information security program to senior management and business units as part of a strategic enterprise risk management program.
Implement governance programmes including an information security steering committee or advisory board.
Create, communicate and implement process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts.
Create and manage information security and risk management awareness training programmes for all employees, contractors and approved system users.
Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
Coordinate information security and risk management projects. Provide strategic risk guidance for IT projects.
Manage security incidents and events to protect corporate IT assets, including intellectual property, sensitive data and the organization’s reputation.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Develop and oversee effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organization maintains an appropriate security posture.
Manage information security specialists and consultants
Perform other related duties and fulfil responsibilities as required.
Knowledge and Skills
Minimum of 10 years’ experience in information security, risk management, or IT-Security or security incident response or security testing related jobs.
Experience in developing information security policies and procedures, as well as successfully executing programmes.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, etc.
Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control.
Strong analytical and problem-solving skills.
Ability to act calmly and competently in high-pressure, high-stress situations.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision.
Experience in achieving and maintaining ISO 27001 certification
Three years’ experience working in security consulting engagements
Project management skills and ability to manage multiple projects under strict timelines.
University degree (Bachelors’ degree) or equivalent experience in computer science, information systems, mathematics, statistics or related field.
Certification in CISM, CRISC, CGEIT, CISSP.
Ten (10) years or more of progressively responsible professional experience in information technology and/or related area, including at least five years (5) working in information security.
Experience in medium/complex size projects
Experience in managing / working in large ICT programmes.
Experience in producing technical documentation including user requirement documents, proposals in response to project requirements
Experience in drafting processes and procedures documentation.
Experience in working with Microsoft office tools and Microsoft Project.