Security Exception Service Owner
ABB
Kraków, Małopolskie, Poland
5 days ago

Tasks :

Incumbent will focus on strategic planning and supporting the Findings Management process and its key sub-processes like Security Exception.

This role will be accountable for maintaining, modifying and developing the process activities and tools.

The role requires advanced information risk and control knowledge, and the ability to understand and translate the principles and requirements of IS risk policies and standards into risk treatment actions.

  • Acts as a key enabler for selected Information Risk Management processes, notably findings and remediation processing
  • Ensures the development of the security knowledge regarding new and emerging security frameworks, processes and industry best practices
  • Understands and applies business economic considerations while making security risk mitigation recommendations
  • Takes a rational, risk-based approach in the decision-making process while dealing with exceptions
  • Drives the Information Security Exception process strategy and planning
  • Acts as the Exception Committee lead for weekly and ad-hoc meetings to ensure that exception and risk management workflow functions as intended
  • Stays abreast of the overall IS and security technologies currently used in ABB and in the market
  • Understands technology vulnerabilities and how non-compliance to security standards exposes ABB to risk

Requirements :

  • Degree in Information Security, Information Risk Management, Computer Science, Business Management or adequate professional work experience
  • 3-5 years of experience within Information Risk Management, IS Controls Monitoring & Assurance, IT Audit and / or Information Security domain
  • Superior analytical skills and a deep understanding of the overall context of business processes and security technologies
  • Ability to understand and translate business requirements into security capabilities and solutions
  • Previous consulting experience and stakeholder management, including C-level suite
  • Very good knowledge of one or more security and / or risk management frameworks (ISO / IEC 27001 / 2, NIST, ISF, GDPR, ITIL, PCI-DSS, CCM, COBIT) highly desirable
  • Security and / or auditor certifications (CISSP, CISM, CRISC, CISA, GSEC, or similar) would be an asset
  • Fluent spoken and written English