D-ploy GmbH is hiring a
Governance & Risk Management Expert in Spain

Governance & Risk Management Expert
🏢 D-ploy GmbH
💵 ~$225k-$329k
📍Spain
📅 Posted on May 26, 2024

Summary

D-ploy is a growing IT and Engineering Solutions company with operations in EMEA and the USA. They are seeking an experienced Information Security Risk Manager to support the design and improvement of their information security framework, assess risks and implement compliance measures, and drive the implementation of a GRC platform. The ideal candidate should have at least 10 years of professional experience, a degree in Information Security or IT, relevant certifications, and experience in implementing controls for various regulations.

Requirements

  • Minimum of 10 years of professional experience in information technology, at least 3 years as an information security risk manager
  • Bachelor’s or Master’s degree in information security, or in Information Technology
  • Relevant information security professional certifications, e.g. CISSP, CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor / practitioner

Responsibilities

  • Support the design and improvement of the information security framework (ISF): policies, controls and procedures using the NIST Cyber Security Framework, including third-party risk management
  • Assess new and existing systems, data flows, business processes, and third-party provider engagements and services to implement and verify compliance with the ISF
  • Perform information security risk assessments such as security business impact analysis (BIA) and business dependency analysis; security controls plans; controls maturity assessments; third-party provider risk profiling, risk assessments and audits
  • Maintain the information security risk and issue registers, deliver high-quality reports and run information security committee meetings with business and IT management to manage risks
  • Support the design and improvement of the third-party information risk management policies, controls and procedures. Assist or lead assessment of information security risks arising from engagement with third-party providers and drive remediation efforts
  • Design, improve and periodically report security key risk indicators and metrics to IT and business management to support continuous improvements and increase security maturity in our business processes
  • Design and deliver the security education training awareness program (SETA) across all business functions. Manage external resources supporting the security awareness activities

Preferred Qualifications

Desirable: Experience in implementing controls and managing compliance risks with regard to GxP-regulated systems, data protection regulations such as EU and UK GDPR and CCPA, and cyber security regulations such as the EU NIS2 and the USA SEC Disclosure Requirements

Benefits

  • Broad range of activities, tasks, and projects
  • Flexible working conditions
  • Vouchers (birthday voucher, wedding, and newborn surprise)
  • Fishing for Friends program – our referral program
  • Refreshments in the D-ploy office
  • Further development and professional advancement
  • Friendly and international working environment
  • Company-sponsored events
  • Competitive salary and various benefits