DTS Risk and Functional Assurance Consultant

Recruiter: Frank Recruitment Group
Location: London (Greater)
Posted: 13 Apr 2018
Closes: 20 Apr 2018
Contract Type: Permanent
Hours: Full Time
Purpose Statement

* The Risk and Assurance Consultant uses professional expertise to enable the effective management of risk and provide functional assurance over related controls for Digital Technology Services (DTS) in line with risk appetite
* Engages with key stakeholders to manage, maintain, assess and monitor the risk and control framework and provides timely reporting to relevant stakeholders
* Delivers the risk and assurance activities as defined by the Risk and Assurance Manager to provide overall assurance over the key services under DTS and support compliance with external requirements including external and internal audits

Accountabilities

* Assisting the Risk and Assurance Manager in the execution of activities to support the DTS Risk and Functional Assurance Strategy and plan, including:
  * Alignment of work to Group Policy and Standards including the Enterprise Risk Management Framework and Functional Assurance Standard
  * Tracking enterprise risk registers for information security risks
  * Evaluating and identifying new and current information security risks using both internal sources (audit findings, penetration test results, etc.) and external sources (threat intelligence feeds, industry-specific threat advisories, etc.)
  * Reviewing information security controls on an ongoing basis against the changing risk landscape to evaluate changes in residual risk and assess the sufficiency of the corresponding compensating control(s) or the need for new controls
  * Identifying opportunities for DTS process improvement through controls simplification and standardisation
  * Working with stakeholders to advise and provide guidance on the application of DTS policies and standards and risk and control management processes
  * Creating reports, dashboards and related communications to report on risks and controls assurance for stakeholders and the various risk and control committees
  * Reviewing and dispositioning information security risk exception requests in accordance with Group policy, and ensuring time-limited risk exceptions are reviewed prior to their expiry
  * Performing information security assessments
  * Advising business units on information security policies and helping control owners address control gaps by identifying possible compensating controls
  * Reporting on Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and Key Performance Indexes (KPXs) for DTS risks

Competencies and Qualifications

Competencies

* Good understanding of and ability to apply commonly-used concepts, practices, and procedures for information technology governance, risk management, assurance and information security, including Governance, Risk and Compliance (GRC) platforms, and familiarity with GRC tool usage
* Knowledge of standards, frameworks, methodologies and leading practices related to risk and controls identification, assessment, evaluation, response and monitoring
* Knowledge of risk registers, as well as identification, assessment and mitigation methodologies
* Balance of business acumen and technology knowledge
* Ability to grasp the interdependencies of key business processes and workflows, external market factors and influences that drive the organisation, and apply these to the identification of effective risk and controls
* Understanding of the Information Security Forum (ISF) controls framework, National Institute of Standards and Technology (NIST) Cybersecurity Framework, Control Objectives for Information and Related Technology (COBIT), International Organisation for Standardisation (ISO) 27000
* Knowledge of legal and regulatory environment affecting the power utilities, retail energy, or oil and gas industries
* Demonstrated ability to work in teams, with the ability to effectively prioritise work/delivery commitments to achieve timely and effective outcomes
* Effective communication skills (oral and written), with the ability to translate technical language into business language and vice versa
* Influencing key stakeholders to mitigate risks and meet compliance requirements

Education

* Bachelor’s degree preferred in area(s) of study such as information technology, computer science, information systems, or related field, or high school diploma with relevant work experience

Work Experience

* Preferred experience in areas of audit, risk management, governance, information security and/or compliance
* Preferred experience in information risk and security-related best practices, policies, standards, and regulations (e.g., ISO 27001, Information Security Forum (ISF), Payment Card Industry (PCI) Data Security Standard, and data privacy)
* Preferred experience with the emerging risk and threat landscape in the power utilities, retail energy, or oil and gas industries
