Security Compliance Specialist
Diageo
Budapest, Hungary
Published 2 months ago
Compliance Management Systems / Technology
Job Description:
Purpose of Role:
The purpose of the role is to ensure the right security policies are in place with the right level of requirements following Diageo's risk appetite and tolerance. The role has to ensure that there is sufficient oversight on the embedment of the policy requirements in line with the IT Security & Control framework and that non-compliances and exceptions are managed. Risks and strategy are aligned with our policies.
- Ensure security policies are in place, up to date and follow the framework of choice (NIST, ISF, ISO27x)
- Set up and monitor metrics to inform management on the embedment of the policies
Top 3-5 Accountabilities:
- Maintain and regularly update IM&S security policies, standards and guidelines.
- Define governance and monitoring requirements for policies
- Define process to manage exceptions to defined requirements
- Own and continuously improve policies and processes in relation to requirements set out in policies and exceptions
- Ensure stakeholders are fully aware of the level of embedment
- Work with other D&T functions and, within IM&S, with security solution architects, risk leads and communications to identify potential improvement areas and increase the security maturity of Diageo
- Ensure potential gaps are highlighted and action plans are created and agreed with other D&T and IM&S stakeholders
- Drive the remediation of identified gaps, ensure timely delivery
- Assess changes in external regulatory landscape and their impact on our internal requirements
- Help with training and awareness by developing a security awareness training program for employees
- Cyber security
- Risk and control effectiveness
- Risk evaluations and mitigation
- Commercial understanding and judgement
- Consulting
- Conceptual and analytical rigour
- Be authentic
- Consistently deliver great performance
Qualifications and Experience Required:
- Information Systems / Information Technology degree
- Excellent English, both written and spoken
- Minimum 4-5 years of Cyber Security experience
- Risk mindset: ability to identify risks and apply them to broad areas
- Ability to communicate in an effective way
- Good ability in prioritisation, urgency and problem solving
- Good project management skills
- Experience with advanced Microsoft tools is an advantage (Power BI, Power Apps)
- Knowledge of cloud security and compliance (e.g. Azure, AWS)
- Security qualification (e.g. CISSP, CISA, CISM, SANS) is a plus
Regular
Primary Location:
Budapest
Additional Locations:
Job Posting Start Date:
2024-08-08