Governance, Risk And Compliance Analyst Ari

Governance, Risk And Compliance Analyst
Ari
Abruzzo, Ari

Governance, Risk and Compliance Analyst, Metropolitan City of Milan Client: ION

Location: Metropolitan City of Milan, Italy

Job Category: Other

EU work permit required: Yes

Job Reference: 9061af16d5d6

Job Description: Role Description

? Support and advise on management of information security and associated controls;

? Support and advise on management of risk and provide a transparent view of risk posture to stakeholders;

? Support and advise on compliance with relevant control standards, regulation and audit requirements;

? Responsible for the oversight and monitoring of risk in line with the ISMS;

? Collaborates with security and audit teams to ensure controls are operating in line with policies.

Key Tasks

As part of the Governance, Risk and Compliance Team within ION Markets, the resource will deal with the following activities:

? Document and monitor risk and control environment to identify existing and emerging risks and issues;

? Evaluate and document issues related to changes in the risk environment and risk priorities;

? Identify and aggregate thematic risk related to findings and trends, regulatory preparedness, thematic concerns;

? Engage Internal Audit to discuss risk posture and audit inputs;

? Communicate heightened risk that is relevant to stakeholders and customers to ensure transparency and appropriate prioritization for remediation;

? Understand legal and regulatory obligations relevant to the product and how the processes and associated controls provide evidence of compliance;

? Partner with business stakeholders to respond to customers, external audit and regulatory requests for information;

? Educate and advise on security policy, standards and procedures;

? Manage and maintain external certification activities.

Required Skills, Qualifications, and Experience Knowledge of:

? Working within the technical financial services industry, or other highly regulated industries;

? Information security management, governance, and compliance principles, practices, laws, rules and regulations, NIST, ISO, NIS, DORA and GDPR;

? Information technology systems and processes, network infrastructure, data architecture, data processes and protocols;

? Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration, CIS, CSF;

? Information systems auditing, monitoring, controlling, and assessment process;

? Incident response management, ITIL;

? Risk assessment and management methodology, NIST, ISO 27005;

? Security training techniques and reporting activities.

Skills in:

? Developing and implementing enterprise governance, risk, and compliance strategy and solutions;

? Researching and understanding security information related to internal and external organizations using online and other sources;

? Management of technology vulnerability and threat information;

? Security project management and planning;

? Risk management, information security and audit management lifecycles.

Ability to:

? Effectively communicate technical issues to diverse audiences, both in writing and verbally;

? Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;

? Evaluate and update and/or revise programme materials;

? Handle sensitive and confidential matters, situations, and data;

? Understand and follow broad and complex instructions;

? Comprehend technical language and to confer, analyse and write in an objective, lucid manner;

? Work independently and prioritize multiple tasks and adapt to needed changes;

? Remain calm under high pressure/difficult situations.

Preferred Certifications:

? CISM;

? CISA;

? CRISC;

? CISSP.

#J-18808-Ljbffr