Cyber Security Strategy & Operations Lead

Finastra

Bucharest, Romania

#10052

Position summary

Your roles & responsibilities will include, but are not limited to, the following:

Collecting and Validating Control Evidence:

  • Facilitate the collection and validation of evidence related to cybersecurity controls for scheduled audits and assessments.

  • Collaborate with internal teams to ensure accurate and comprehensive evidence submission.

Assessment Support:

  • Participate in assessment kickoffs and provide recurring status updates to relevant stakeholders.

  • Respond promptly to internal auditor and assessor requests, addressing any queries or information needs.

Security Control Library Management:

  • Maintain the security control library, ensuring it reflects the latest standards and best practices.

  • Regularly update control documentation based on compliance documents, industry frameworks, and regulatory requirements.

Vendor Assessment & Evaluation:

  • Conduct thorough assessments of third-party vendors' cybersecurity practices, including their security policies, procedures, and controls.

  • Evaluate vendors' compliance with industry standards (e.g., ISO, NIST, SOC 2) and regulatory requirements.

  • Review vendor security documentation, including audit reports, penetration test results, and security certifications.

Risk Identification and Mitigation:

  • Identify potential cybersecurity risks associated with third-party vendors and recommend appropriate mitigation strategies.

  • Collaborate with internal stakeholders to develop risk mitigation plans and monitor their implementation.

  • Maintain a risk register and track the status of identified risks and mitigation efforts.

Process Documentation:

  • Work closely with cybersecurity leaders to document and improve processes and procedures.

  • Capture essential details related to security controls and their implementation.

Performance Tracking and Reporting:

  • Track and report on the performance of audit and assessment support capabilities.

  • Identify areas for improvement and recommend remediation actions as needed.

Control Verbiage Certification:

  • Certify and update control verbiage, aligning it with compliance requirements and industry standards.

Required Experience:

  • Minimum of 3 years of experience in information security governance, risk, and compliance.

  • Experience in security control library management, process writing, control statement writing, compliance documentation recertification, and driving updates.

  • Solid project management skills.

  • Excellent verbal and written English communication skills, with the ability to effectively interact with technical, business, and other stakeholders at all levels of the organization.

  • Superior analytical and problem-solving abilities, enabling assessment of complex security issues, prioritization of tasks, and development of practical solutions.

  • Adaptability in tailoring conversations and presentations for different audiences, spanning technical, non-technical, and executive leadership.

  • Demonstrated commitment to continuous learning and professional development in the field of cybersecurity.

  • Certification in information security or GRC is a plus (CISM, CISA, CISSP, CGRC, etc.)

  • Flexibility for consistent availability for Eastern (UTC-5) and Pacific (UTC-8) time zones.

Education/Certifications Desired:

  • Bachelor's degree from an accredited college or university, or equivalent experience.

  • Knowledge and experience in understanding implementation guidelines from security control frameworks, such as NIST CSF, NIST 800-53, PCI DSS, CIS, COBIT 5, CSA/CSM, ISO 27001.