Associate Director GRC - Information Security

Netherlands / Amsterdam / Nachtwachtlaan, Netherlands


Key Responsibilities

ISMS Management

  • Lead the management and operation of the Information Security Management System (ISMS)
  • Review all ISMS policies, procedures and other core ISMS framework documents, such as the Statement of Applicability (SOA) and Catalogue of Documents (CoD), for all in-scope departments and ensure they are all updated
  • Manage the ISMS risk management program by reviewing all existing asset registers and risk registers
  • Collaborate with the IT Global stakeholders and the Information Security Department on a regular basis to ensure the ISMS operates smoothly and continuously improves
  • Conduct meetings with the Management Forum and Information Security committee and track the minutes of meetings and agenda
  • Liaise with external auditors from the certification agency to ensure all scheduled surveillance audits are completed as planned
  • Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective IT department managers.
  • Drive continuous improvements of the ISMS by designing and implementing effective metrics
  • Support the various ISMS roles with their responsibilities as documented in the ISMS operations manual
  • Regularly review the scope of the ISMS and ensure it remains relevant for the group, clients and regulators
  • Escalate risk and issues relating to the management and operation of the ISMS to Global CISO and other interested parties as appropriate
  • Keep the ISMS portal and documentation up to date
  • Manage ISMS communications
  • Report ISMS status to IT Global stakeholders and the Global CISO

Third Party Vendor Assessments

  • Manage vendor and technology assessments end to end, for suppliers and the various applications that enable the business's day-to-day operations
  • Ensure that technical assessments are conducted in a timely manner and the risks are communicated to the requestors in a professional manner

Required Skills and Qualifications:

  • Master’s or bachelor’s degree in computer science/information systems or equivalent experience in Information Systems preferred
  • 8+ years developing, implementing, and governing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms
  • 6 years of business experience in running an ISMS based on ISO27001
  • Must be a certified lead implementer or a certified lead auditor on ISO27001
  • Professional security qualifications such as CISSP and/or CISM preferred. Applicant must be willing to obtain certification if not already certified
  • Knowledge of the key principles and framework surrounding an Information Security Management System (ISMS), preferably with knowledge of other related frameworks such as ISO27002, ISO27005 and ISO27017
  • Good knowledge of regional issues and structures, ability to work with people from many different cultural backgrounds
  • Strong technical understanding of ISO 27001 controls implementation
  • Hands-on auditing experience and understanding of how to identify key risk areas in technical solutions and their architectural design
  • Ability to conduct technical assessments
  • Deep hands-on experience in providing governance in the design, development, and deployment of business software at scale in SaaS, PaaS, and IaaS environments
  • Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography
  • Strong ability to multi-task and work independently within a global team
  • Methodical approach to work, attention to detail and delivery of high quality results
  • Excellent interpersonal and communication skills
  • Fluent in English, other spoken languages a plus
  • Holds a valid passport and is able to travel periodically on business assignments


 

Brenntag TA Team


Tags: Application security Audits CISM CISO CISSP Computer Science Cryptography Governance IaaS ISMS ISO 27001 ISO 27002 ISO 27005 Network security PaaS Risk management SaaS Surveillance

Region: Europe
Country: Netherlands
