Vhi Group Services DAC have a full-time permanent vacancy for the role of Security Control Assessor based in Dublin or Kilkenny on a hybrid basis. The successful candidate will be responsible for a multi-year control testing programme in accordance with Information Security’s monitoring plan as part of its second line of defence function. The SCA will schedule and execute testing of controls to assess their design adequacy and operating effectiveness.
Role purpose:
* Execute security control testing in accordance with the Information Security Monitoring Plan.
* Review master controls and control procedures to ensure adequacy.
* Propose and deploy changes to controls once approved.
* Carry out testing of the design and operating effectiveness of controls.
* Proactively engage with first-line colleagues (risk co-ordinators, control owners and senior managers) to ensure adequate testing of controls has taken place, and review evidence provided.
* Carry out interviews, document, and report on findings.
* Where any deficiencies have been identified, work with the first line to create suitable remediation plans and track to closure.
* Ensure review cycles are kept in line with the monitoring plan.
* Plan future engagements.
* Log and monitor findings within the GRC; set up and execute engagements within the GRC.
* Evidence that 2LoD Information Security control testing has taken place, and that governance is adequate.
* Engage with second line colleagues in Risk and Compliance regarding any GRC configuration changes.
* Assist in identifying and assessing risk as part of the overall IT Risk Management process.
* Provide input into Information Security policies, standards and guidelines.
Key criteria
Technical experience and education:
* Degree in Cybersecurity or Information Technology with a minimum 5 years’ experience in cybersecurity or cyber risk.
* Professional certifications in relevant domains such as CISA, CISSP, CISM or CRISC are an advantage but not essential.
* Project Management experience
* Proven experience of the following:
  * Control Assessment
  * IT Risk Management
  * RSA Archer
  * NIST CSFv2
Interpersonal skills
* Excellent communication skills (both written and verbal) with the ability to translate complex risks into easily understandable language.
* Self-starter with ambition to achieve our business goals.
* Excellent time management, planning, problem solving and organising skills.
* Strong team player skills with excellent stakeholder management abilities.