GRC Specialist - InfoSec - 78786

Job Location

Montreal - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

English Job Description:

The candidate must have the following qualifications to be retained for an internal process:
  • In-depth knowledge of cybersecurity standards and frameworks (ISO 27001, NIST, etc.).
  • Knowledge of third-party risk management solutions such as Bitsight, CyberGRX, UpGuard or others.
  • 3 years of experience in analyzing, documenting and updating processes and procedures applied to the InfoSec context.
  • Experience (3 years minimum) in conducting activities related to the management of third-party cyber risk.
  • Experience (5 years minimum) in drafting governance documents (policy, directives, security procedures).
  • Experience (5 years minimum) in risk management and implementation of risk management frameworks and InfoSec controls.
  • Experience (3 years minimum) in implementing IT solutions, with the best practices and structure needed to deliver a simple to medium IT project (data migration, solution integration, etc.).
  • Language: Bilingual; must speak one language and understand the other. All documentation is in English.

Assets:
  • Degree in computer science, cybersecurity or a related field.
  • Certifications such as CISSP, CISM, ISO 27001 or other certifications in risk management, compliance and security.
  • Experience in bid evaluation (RFP).
  • Proficiency in Azure DevOps.

Job description:
The objective of this mandate is to support the Governance and Compliance Squad (responsible for managing our policies and controls, compliance, supporting audits, and managing supply chain security), both in its recurring activities and in the evolution initiatives planned for the year. Particular emphasis will be placed on managing third-party cyber risk, with possible interventions on other activities of the squad or management.


We are looking for a good analyst who will be able to do the analysis and evaluation of third parties (security). We are looking more for someone specialized in governance and compliance, less in terms of risk.


Main tasks:
  • Deliver our initiative to change our third-party cyber risk management solution:
    • Plan, coordinate and follow up on the call for tenders to renew our TPRM services, coordinating all the stakeholders involved.
    • Document and update our third-party cyber risk management processes and procedures.
    • Lead the migration to the new third-party cyber risk management solution, coordinating all stakeholders involved.
  • Conduct, as required, due diligence reviews of third-party security and contribute to calls for tenders to define security requirements.
  • Contribute to the major revision of our information security policy and the development of governance documents (directives, security procedures).
  • Contribute to the update of our information security controls framework (alignment with NIST CSF v2.0 and other client application frameworks).
  • Contribute to other activities in Governance, Risk and Compliance.

Required Experience:

Unclear Seniority

Employment Type

Full Time
