Information Security GRC Engineer

Cargolux Airlines International SA, Luxembourg, Luxembourg
More than 30 days ago
Job description

Task Responsibilities :

Information Security Management System (ISMS) :

  • Develop and maintain the ISMS at Cargolux,
  • Define and continuously improve relevant processes and procedures related to Governance, Risk and Compliance,
  • Measure the ISMS efficiency and effectiveness as well as its implementation and report on any deviations,
  • Maintain the security awareness program and trainings contents,
  • Manage the GRC solution.

Risk management :

  • Perform the Information Security risk assessment,
  • Ensure the risk management process is implemented and SLAs are respected,
  • Challenge and identify control implementation gaps and missing controls,
  • Define risk treatment plans and track their implementations.

Compliance :

  • Track compliance requirements and define strategies to achieve compliance,
  • Monitor status of compliance and report gaps / risks,
  • Prepare and maintain regulatory deliverables,
  • Support different audit activities : internal to CV and external (third parties or authorities)
  • Lead and manage ISO27001 certification process and track and implement ISO27002 controls.

Essential Requirements For The Position :

Qualifications :

  • Minimum 5 years of experience in similar position.
  • Master's degree in Information Security management, Cybersecurity, or any related field,
  • Information Security relevant degrees or certifications (e.g., ISO27001 Lead Implementer, CISSP, CISA, CRISC, ...).

Technical skills :

  • Experience with GRC tools and technologies, and familiarity with cloud security best practices and risk management,
  • Proven experience with Risk assessment and a good understanding of controls' relevance and sufficiency,
  • Experience with the entire controls monitoring life cycle, including identifying, assessing, monitoring, and remediating controls,
  • Proven experience in building Information Security related processes (e.g. Risk management process),
  • Proven experience in developing policies, standards and procedures,
  • In-depth knowledge of security frameworks, standards and regulations : ISO27001, SOC2, NIST CSF, NIS / NIS2.

Soft skills :

  • Detail-oriented,
  • Strong verbal and written communication skills,
  • Leadership and influence : manage and drive complex projects, and manage multiple high-priority tasks, and collaborate with diverse teams,
  • Innovation and problem solving : develop solutions to overcome challenges faced (internal : organization, processes, ... and external : regulatory or contractual, ...).

Working Conditions :

  • Full-time, permanent position based in our HQ in Luxembourg
  • A Certificate of good conduct (Casier judiciaire, Polizeiliches Führungszeugnis) will be required in case of positive selection
  • The internal title for this position will be "Engineer Information Security"

Benefits we offer

  • Flexible working hours and a work from home policy
  • Company car
  • Additional health insurance
  • 27 vacation days and 4 additional special paid days off (incl. annual vacation allowance)
  • Numerous discounts in the wider region as well as selected travel discounts
  • Trainings and career mobility opportunities within the various departments
  • On-site parking and canteen (with subsidized meal vouchers)