Senior GRC Specialist (Cybersecurity), hibrido

Senior GRC Specialist (Cybersecurity) Role description We are still looking for the very Top Talent...and we would be delighted if you were to join our team! More in details, UST is a multinational company based in North America, certified as a Top Employer and Great Place to Work company with over 35.000 employees all over the world and presence in more than 35 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies. What we look for? We are looking for a GRC Specialist contribute for a project with one of our global customers in the cybersecurity team. Skills: - 4 years experience in audits and compliance and assessments based on national and international standards (ISO27001, ISO22301, ENS, NIST, DORA, NIS2) - Knowledge/certifications in ISO27001 is a must. It is also desirable knowledge in ENS, ISO 27005, ISO22301, ISO 42001, NIST CSF 2.0, NIST, SOC 2, GDPR, DORA, NIS2, CMMC 2.0 - Proficiency with a variety of instruments for assessing and controlling risk (ex. ISO 31000, Magerit v3, COSO) - Experience in implementation of best practices, compliance with information security policies and standards. - Technical experience or applicable knowledge in security architectures for different environments. - Experience related to Cybersecurity ecosystem, deployment experience of security technologies. - Knowledge of different security solutions/technologies: FW, DLP, IDS/IPS, EDR... - Experience in incident response plans and exercises - Fluent in English - Computer Engineering/Telecommunications and/or Master in Cybersecurity It is also desirable and will be considered to hold certifications such as CISM, CISSP, CISA, ISO/IEC 27001 Lead Auditor / Lead Implementer. We will also consider knowledge of HIPAA, ARC-AMPE or OT Cybersecurity (ISO 27019 / IEC 62443) for the more senior role Tasks: - Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS, ISMS, Risk assessment (AARR BIAs), GAP Analysis, Incident management, Awareness activities, Data Privacy, etc.) - Independently handle (with very minimal guidance from the supervisors) internal audits or GAP Analysis to ensure compliance with security standards (ex. ISO 27001/ISO 22301/ISO 27701, NIST CSF 2.0, ..) requirement as well as process specific requirements - Responsible for the effective documentation of projects individually. - Point out the non-conformance areas and suggest measures to improve the information security individually. - Ensure that risk management is effectively conducted across the organization, business processes and information systems. - Involve and contribute to customer assurance activities. - Coordinate information security awareness training programs for all the employees, contractors and approved system users. - Coordinate and Review the technical assessments of IT systems and processes to identify potential risks. Submit recommendations to mitigate any risks identified and ensure controls that they are implemented. - Design, plan and execute the Cybersecurity activities. - Directly Interact with customer and communicate detailed technical requirement to the team. - Use independent judgement and discretion to analyze the system security. - Prepare detailed description of user requirements and steps required to perform a compliance project in basis a standard or regulation. - Learn and understand existing regulations or standards requirements. - Independently handle the evidence collection from multiple teams as part of any internal audits. - Policy/Procedure creation activities and process improvement ideas to be implemented. - Research and analytical skills, including the ability to convert complex policy issues into simple briefings and communicate to the audience. Location: 4 days remote 1 day at the office.