The incumbent will focus on strategic planning and on supporting the Findings Management process and its key sub-processes, such as Security Exception.
This role will be accountable for maintaining, modifying and developing the process activities and tools.
The role requires advanced information risk and control knowledge, and the ability to understand and translate the principles and requirements of IS risk policies and standards into risk treatment actions.
Acts as a key enabler for selected Information Risk Management processes, notably findings and remediation processing
Ensures the development of the security knowledge regarding new and emerging security frameworks, processes and industry best practices
Understands and applies business economic considerations while making security risk mitigation recommendations
Takes a rational, risk-based approach to decision making when dealing with exceptions
Drives the Information Security Exception process strategy and planning
Acts as the Exception Committee lead for weekly and ad-hoc meetings to ensure that exception and risk management workflow functions as intended
Stays abreast of the overall IS and security technologies currently used in ABB and in the market
Understands technology vulnerabilities and how non-compliance to security standards exposes ABB to risk
Degree in Information Security, Information Risk Management, Computer Science, Business Management or adequate professional work experience
3-5 years of experience within Information Risk Management, IS Controls Monitoring & Assurance, IT Audit and / or the Information Security domain
Superior analytical skills and a deep understanding of the overall context of business processes and security technologies
Ability to understand and translate business requirements into security capabilities and solutions
Previous consulting experience and stakeholder management, including the C-suite
Very good knowledge of one or more security and / or risk management frameworks (ISO/IEC 27001/2, NIST, ISF, GDPR, ITIL, PCI-DSS, CCM, COBIT) highly desirable
Security and / or auditor certifications (CISSP, CISM, CRISC, CISA, GSEC, or similar) would be an asset
Fluent spoken and written English