The position requires good knowledge and expertise within governance, risk and compliance, with a focus on information security, audit readiness, security controls and risk management.
You must help with audits and risk assessments, and participate in various security projects and the onboarding of new customers to Aeven, ensuring the agreed compliance and controls are followed. You must guide project management and service lines on how to understand and implement security controls, and establish security operational manuals.
It requires that you maintain the role of a trusted IT Security Officer and have the ability to identify, understand and transform customer requirements into high-quality security solutions and/or advice.
You can communicate complex security issues at CISO level with a risk-based approach.
As a Customer Security Officer specialising in Governance, Risk and Compliance, you can be responsible for:
Your Responsibilities
- The CSO collects relevant input from contracted Aeven security deliverables, packages the information into a single security report and presents it to the customer at security board meetings
- Conducting Security Risk Assessments and GAP analyses
- Conducting Business Impact Assessments (BIA) and Threats, Vulnerabilities & Controls Assessments (TVCA)
- Advising on effective security policies and controls, and monitoring and enforcing these in Aeven
- Conducting various security assessments and creating a security roadmap in cooperation with the customer
- Act as a SPOC and work closely with different stakeholders in the line of business, both internal and external, to ensure the delivered advice/solutions fit the overall goals and strategy of the customer organisation
- Assist in security projects, with onboarding of new customers and additional security services. Help in understanding the customer's security requirements and developing security control descriptions, risk assessments, business continuity plans and security operational manuals
- Assist in audits of the customer's infrastructure and services
- The CSO oversees, validates and quality-assures the security services on an ongoing basis
- The CSO can facilitate meetings with Aeven security SMEs in relation to customer requests for new security technologies etc.
- The CSO manages actions and related questions concerning the security services
Your knowledge and experience
- Long higher education (Master's) with supplementary education and min. 5 years of work or equivalent experience
- It is preferred that you have one or more of the following certifications: CISA, ISO/IEC 27001 Lead Implementer, CRISC
- General knowledge of legal frameworks such as EU-GDPR, NIS2 and DORA, and international security frameworks such as NIST, CIS18, PCI and SWIFT
- Experience developing ISMS with control descriptions and reporting
- Experience developing business continuity plans and conducting risk assessments, DPRA, DPIA and the like