Job Description
Job title: Security Risk and Assurance Specialist

Location: London/Hybrid

Duration: 6 months

Adecco is an employment consultancy. We put expertise, energy, and enthusiasm into improving everyone's chance of being part of the workplace. We respect and appreciate people of all ethnicities, generations, religious beliefs, sexual orientations, gender identities, and more. We do this by showcasing their talents, skills, and unique experience in an inclusive environment that helps them thrive.

The role:

Deliver an enhanced security risk assurance and due diligence review of all in-scope applications, cloud services and related technologies for ECB compliance readiness.

Deliver an entity-level risk assurance and management dashboard to support ongoing risk and issue management and reporting across EMEA.

Maintain and update the governance, risk, and performance frameworks across Information and Cyber Security within EMEA, with an EU focus.

Responsibilities:

Maintain and enhance the Security due diligence assurance process in line with EU and UK regulatory expectations.
Deliver a full due diligence assurance on all in-scope applications, systems and technologies in support of ECB compliance.
Define and embed key metrics required for information and cyber security continuous controls management and reporting; drive and track mitigations; facilitate periodic review to reflect the changing cyber threat landscape and confirm the adequacy of risk and key controls.
Implement risk appetite methodology for the EU reporting process, including but not limited to templates, heat maps and dashboards to continually inform on risk appetite position.
Maintain and enhance the EMEA Information Security Risk and Assurance documentation, policy, standard, frameworks, processes and procedures.
Consistently look for improvements in the efficiency and effectiveness of Information and Cyber Security risk and due diligence assurance reporting.

Requirements:

Risk management techniques such as risk identification, risk evaluation, control mapping and mitigation tracking.
Performance management techniques including developing and maintaining KRIs, KCIs, KPIs and appropriate tolerances.
Security due diligence assurance framework definition, implementation, assessments and reporting.
Stakeholder management, including working with diverse teams in EMEA, North America, Ireland and Japan.
Information and Cyber Risk Frameworks and Standards (e.g., NIST / ISO27001) as well as Regulatory frameworks (e.g., Bank of England FCA/PRA, EU).
Experience of EMEA Regulations and standards such as DORA/ECB regulatory requirements is required.

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised that if you haven't heard from us within 48 hours, then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly.