Cybersecurity: Governance, Risk and Compliance Specialist
Poznań
Poznań, Poznań, Greater Poland Voivodeship, Poland
INNERGO Systems Spółka z o.o.
24. 1. 2025
Job information
about-project :
The Cybersecurity GRC specialist will: work on IT Governance, Risk, and Compliance processes; work closely with the Enterprise Risk Management departments on processes related to IT Risk Management and IT Third-Party Risk Management; work with the Legal department to review and assess agreements from a cybersecurity and privacy perspective in IT to achieve compliance with regulatory requirements. The Cybersecurity GRC specialist will also be engaged in IT Business Continuity Management processes, like Business Impact Assessment and Disaster Recovery Exercises.
The Cybersecurity GRC specialist is also responsible for monitoring the IT controls environment at the company. This includes performing user access reviews, participating in the incident response process, and documenting, testing, and auditing processes for compliance with established policies and procedures in various locations around the world or at 3rd parties. The Cybersecurity GRC specialist will also be involved in the implementation and cybersecurity assessment of new security solutions, in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures, and in vulnerability audits or independent assessments.
responsibilities :
Develop and support IT Governance processes, IT Risk Management processes, IT Compliance processes
Assess applications, vendors, and processes from a Cybersecurity and Privacy perspective
Work with the IT and Legal teams to ensure compliance with regulations (SoX, GDPR, DOL, etc.)
Monitor user access to IT systems by performing the following: semiannual access reviews, termination validation procedures, IT privilege access reviews
Validate that access to critical functions within key applications is appropriately segregated (Segregation of Duties – SOD)
Establish effective communication processes with the business and regional IT teams to coordinate the global assessment of IT controls
Integrally engage in projects making sure that they comply with O-I policies and security requirements
Assist with independent vulnerability assessment and SoX audit processes
Follow documented procedures and retain necessary audit documentation
Participate in the incident response activities in accordance with established procedures
requirements-expected :
Minimum 3 years of experience working in Information Technology/IT and Data Governance, IT Risk Management, IT Compliance
Minimum 3 years of experience working with IT general computer control evaluations, remediation, and with external auditors
Intermediate knowledge related to privacy assessment (GDPR)
Understanding of the industry’s control frameworks and leading practices
Experience in evaluating system security requirements
Knowledge of system functions, security policies, technical security safeguards, and operational security measures
Knowledge of industry-leading practices, security frameworks, policies, and standards
Intermediate operational knowledge of ServiceNow
Intermediate operational knowledge of SAP GRC
Ability to determine priorities, make discretionary decisions, and determine when to notify management
Ability to work well with people from many different disciplines with varying degrees of technical experience
Bachelor’s degree in information technology or legal or equivalent years of experience
Understanding of security frameworks (NIST), and regulatory requirements – governance, risk management, privacy, and data security
Understanding of security protocols and standards
Solid knowledge of information security principles and practices
Experience in communicating and presenting to a management-level audience
offered :
Tools necessary for work
Co-financing for private medical care and life insurance
Integration meetings and trips
Additional days off
benefits :
private medical care
life insurance
remote work opportunities
corporate products and services at discounted prices