Email : email@example.com
Phone : +61 123456566View All My Jobs
Ensure that our security and compliance accreditations GDPR, PCI DSS, ISO 9001 and ISO 27001 accreditations & ISEA3402 are achieved and maintained
Identify the associated compliance control gaps and oversee the documentation, implementation and testing of the entire compliance control portfolio
Develop and implement compliance control monitoring programs to ensure compliance-related risks are managed to the appropriate level of acceptable residual risk.
Implement and maintain a compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organisation.
Collaborate and closely work together with key internal departmental stakeholders such as Product, Engineering, IT Infrastructure and Finance to achieve and maintain our security and compliance accreditation.
Report the levels of compliance risk and control effectiveness to key stakeholders such as the Board, Suppliers, Legal management, Regulators, Internal/External auditors, etc.
Coordinate audit-related tasks such as ensuring the readiness of managers and their organisations for audit testing and facilitating the timely resolution of any audit findings.
Provide technological advice and insight on compliance requirements to non-IT leaders
Assist business and IT managers with the acquisition of tools and expertise to assist with
compliance- related projects and initiatives.
Execute a compliance training and awareness program that periodically educates the requisite end-
user community on the relevant compliance requirements, and certifies their adherence to the
relevant compliance controls.
Assist in Business continuity planning and review
Execute security awareness trainings for all employees and secure coding training for all developers
Excellent understanding of information security concepts, protocols, industry best practices and strategies.
Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
A strong understanding of the business impact of security tools, technologies and policies.
(In-depth) knowledge and understanding of information risk concepts and principles as a means of
relating business needs to security controls;
Hands-on, able to see the holistic picture as well be able to dive in the details / depth and vice
Excellent verbal, written and interpersonal communication skills, including the ability to
communicate effectively with the all layers of the organisation;
Project management skills and Risk assessment.
The ability to work effectively together with internal key stakeholders.
Pro-active/self-starter, capable to work with minimal supervision.
Experience and/or a strong understanding of GDPR, and aware of the exceptions that can apply per
Experience and/or an understanding of operating system internals and network protocols.
Experience and/or an understanding of application technology security testing.
• Experience and/or an understanding of system technology security testing (vulnerability scanning and penetration testing).
CISA, CISM and/or CISSP Certifications.
A minimum of five (5) years’ experience in an Information Security role.
A minimum of five (5) years of IT experience.
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in
information security is preferred.
Experienced with ISO 27001 and PCI-DSS.