Cyber Security - GRC

IT Risk & DevOps Management

Cyber Security - GRC - Vendor Risk Assessment, Cyber Security - GRC - Data Security

NL- Amsterdam

8-10 Years

English

Onsite

6 Months

Background in Cyber and Technology Risk and Controls in all disciplines of technology domains, as well as Cyber Security related risks; with strong understanding of technology Risk Governance, Risk & Compliance principles and Management processes and controls.

• Experience of working in a first, second-, or third-line function responsible for technology and information security related risk and controls.

• Technical knowledge in the areas of Database, OS, Application security, network, cyber, data , cloud security , Asset Security, Threat/Vulnerability Management and Business continuity.

• Hands-on experience on conducting technology risk assessment on Linux, Database, web applications on Cloud, Azure , IT and Security infra .

• Highly detail-oriented and analytical; must be able to grasp, analyze and apply new information in fast-paced environment.

• Highly organized; ability to work on multiple projects simultaneously.

• Agile and scrum experience

• Excellent time management skills: ability to meet target deadlines.

• Self-starter: ability to manage BAU workload and projects with minimal direction.

• Should have good experience on Banking applications

• Should have thorough knowledge about Business Impact Assessment, Technology Application Controls Assessment, Technology Infrastructure controls Assessment, Detailed Risk Assessment and applicability of security controls. Prior experience on Detailed Technology Risk Assessment is must.

• Should be expert in control areas – Change Management, Platform Security, Operational Resilience, Cybersecurity Resilience, Security Monitoring & Identity and Access Management

• Experience and understanding of regulatory requirements on technology risk governance and management.

Should have good experience on ServiceNow (GRC model), Aveksa, CyberArk, Arcsight, Nessus

• External certifications like ISO 27001 :2013, CISA, CISM, CRISC etc