GRC Consultant

  • Waterford
  • Itcontracting
itContracting are currently seeking applicants for a GRC Consultant. This is a permanent position located with our client in Letterkenny, Donegal. Hybrid options available (1/2 days a month onsite requirement).

The Role

As a GRC Consultant, you will perform regional internal audits in compliance with ISO/IEC (ISMS) requirements. You will be responsible for Server and Endpoint Security and will support Risk management, utilising information security risk and governance frameworks (including ISO & EBIOS).

Key responsibilities:

  • Coordinate and implement regional IT Infrastructure and Security projects.
  • Review and develop IT governance and control key metrics for IT security performance measurement.
  • Responsible for Network Security and management of the Firewall.
  • Responsible for carrying out the yearly BCP and Backup Restoration Test exercise.
  • Identify IT risks, evaluate the countermeasures and drive the IT risk assessment processes.
  • Responsible for the follow-up of Security or Vulnerability findings on the Servers and Network.
  • Perform IT compliance checks and conduct reviews periodically.
  • Review security logs periodically and undertake necessary corrective and preventive actions.
  • Review Security Incident Reports in the region and submit a monthly report to management.
  • Collaborate with service providers / third-party vendors on daily operations and issues reported by users.

Your Profile

You will be an ISO practitioner with a strong understanding of various Security concepts such as Application security, Vulnerability Management, Policies, standards, Risks, Security Operations, Security Incident Management, ITIL and Agile.

Key skills/experience:

  • Understanding of Network & System concepts including Virtualisation, Firewall, IPS, ATP.
  • Strong knowledge of performing project risk assessments.
  • Strong analytical and reporting skills.
  • Excellent attention to detail and the ability to create clear, concise, and engaging presentations.
  • Information Security and/or Information Technology industry certification (CISSP, CISM, CRISC, GIAC, CISSP or equivalent).

Good to have:

  • Strong experience in articulating IS risks in business language and advising on the appropriate risk management action.
  • Solid experience in information security management reporting and related methodologies.
  • Knowledge of generally accepted IT audit standards, statements and practices, and IT security and control practices.
  • Knowledge of ISO – Information Security Management System (ISMS) and Risk Management methodologies.
  • Good understanding of IT GRC and IT controls.