Amexio - Security Governance Consultant

Reporting to the CISO, you will lead Governance, Risk and Compliance (GRC) work for Information Security.

You'll be in charge of the maintenance of the Information Security Management System (ISMS) aligned to ISO 27001; you will also help develop a Control Assurance function to advise on and monitor information security risks, control failings and industry framework alignment.

Mission Develop and maintain a risk register and risk management framework.

Perform internal audits for information security and service management systems Manage the development of service continuity plans and their related policies and procedures Host, coordinate and facilitate IT-related external and third-party audits.

Control ISMS documentation and records Coordinate corrective and preventive actions post to major incidents, audit findings, or any other means.

Produce and maintain ISO27001 required documents and records Profile University degree with a specialisation in Security, Governance, IT Risk Management, Business IT or similar 0-2 years of experience in security, governance, compliance, risk management or similar (a graduated person with some knowledge of information security (especially ISO 27001) could match) Familiar with security standards (ISO 27001, NIST CSF, CIS 20, SWIFT, etc.) Certification such as ISO 27001 lead implementer / lead Auditor, CISM, CRISC etc.

is an advantage Proficient communication skills as working closely with stakeholders is required Strong team player with good organisational skills Fluent in English with good communication skills