Senior Information Security (GRC Specialist)

Our client, specializing in managing Data Centers is looking to recruit for a Senior INformation SEcurity (GRC) Specialist to join their team in Malta. You will be responsible for implementation and maintenance of controls, processes and audits required for the implementation, maintenance, and improvement of the company policies.

Your responsibilities will include:

• Develop and maintain the company’s Information Security related policies, procedures, and work instructions
• Ensuring the continual improvement of the company’s ISMS, PCI DSS and GDPR programmes
• Assisting with the design of information security processes, policies, and procedures
• Performing periodic audits of key security controls, processes, and audits to ensure operating effectiveness
• Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the company’s security posture and security maturity
• Maintain and improve the security education, training, and awareness framework
• Performing information security risk assessments
• Maintain the company’s Security Risk Register and liaising with other relevant parties within the organization
• Contributing to the ISMS Committee
• Providing advice on ISO27001, PCI DSS and other relevant compliance standards
• Participate in regulatory audits and assist Legal and Compliance teams as may be required.
• Assist teams in supplier onboarding risk assessment process
• Project Manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility.
• Perform assignments from beginning to end (identification of risks, controls, weaknesses, recommendations, best practices, sampling, reporting, etc.)
• Identify significant risk exposures relating to control processes and make appropriate recommendations.
• Perform IT audit action item follow-ups on previously raised findings.
• Establish and maintain relationships with internal departments as well as third parties/vendors

• Experience within the field of IT audit/IT advisory for at least 2 years.
• Good understanding of ISO27001 and SOC requirements
• Knowledge of GDPR Law
• Natural problem solver, having a pro-active approach, self-motivator and self-driven
• Excellent written and oral communication ability in English
• Ability to multitask and prioritize tasks that are important and urgent
• Experience in managing a team would be considered as an asset

• Bachelor’s degree in Information Systems, Computer Science or a relevant area
• Certifications such as CISA or CISSP

• Car Cash allowance
• Performance bonus
• Health insurance