INFORMATION SECURITY & RISK MANAGER

Information Security Risk Manager 12 month contract (view to extend)RemoteSuitable candidates will need to be based in Spain or willing to relocateInformation Security Risk Manager, You will be responsible for assessing, reporting, and managing information security risks identified in our systems and data, business processes and third-party service providers.Role Support the design and improvement of the information security framework (ISF): policies, controls, procedures using the NIST Cyber Security Framework; including third party risk management.Assess new and existing systems, data flows, business processes, and third-party providers engagements and services to implement and verify compliance to the ISF reporting identified risks and issues to systems, processes, and third-party providers owners.Perform information security risk assessments such as but not limited to security business impact analysis (BIA) and business dependency analysis; security controls plan; controls maturity assessments; third party provider risk profiling, risk assessments and audits.Maintains the information security risks and issues registers, deliver high quality reports and run information security committees, meetings with business and IT management to manage risks.Support the design and improvement of the third-party information risk management policies, controls, and procedures. Assist or lead assessment of information security risks arising from engagement with third party providers and drive remediation efforts.Drive the design and implementation of a GRC platform including functional requirements, reviewing process designs, rolling out the new processes to the business and IT teams. Also, support in the administration and maintenance of the GRC tool.Design, improve and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity in our business processes.Skills/ExperienceMinimum of 10 years of professional experience in information technology, at least 3 years as an information security risk managerRelevant information security professional certifications e.g. CISSP, CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor / practitioner.Desirable: Training and or certifications in GRC platforms such as ServiceNow GRC, Archer, MetricStream; and the NIST Cyber Security Framework: Standards, Guidelines and Practices.You are passionate about cybersecurity and can coach and help others who come from diverse backgrounds in information technology, compliance, or information security domains.You have an elevated level of personal integrity, ability to professionally handle confidential matters and convince others using appropriate level of judgment and maturity.You have strong verbal and written communication skills in English, German is a plus.