IT Security, Risk and Compliance Manager - EZRA

• Be the recognized expert in the field of Information Security within the EZRA organization.
• Provide oversight and guidance for appropriate security controls of AI technologies in EZRA.
• Act as the main point of contact and coordination for all client IT Security questionnaires, contract reviews and IT vendor reviews for EZRA.
• Complete responses to client questionnaires in a timely manner and ensure that service level agreements are achieved.
• Review and mark-up IT security components of client contracts in a timely manner to ensure that service level agreements are achieved.
• Join discussions with clients to explain EZRA’s security posture and support client audits.
• Review and document outcomes for IT Security reviews of vendors in a timely manner and ensure that service level agreements are achieved.
• Considering feedback from stakeholders, maintain and develop the processes to receive, prioritize, complete and communicate responses to client IT Security questionnaires, IT Security reviews of client contracts and proposed IT vendor reviews.
• Maintain records of client remediation requirements and progress towards resolution.
• Prioritize incoming questionnaires and vendor reviews based on business value, reputational importance and project deliverables.
• Continuously improve the library of resources containing common responses to standard questions and supporting evidence for client questionnaires.
• Prepare reports and analyses documenting progress and adverse trends, make appropriate recommendations and draw conclusions when needed.
• Liaise with other Assurance functions (Internal and External Auditor), coordinate security audits and ensure that remediation plans are defined and implemented in line with agreed dates.
• Participate in discussions around new/existing initiatives, assessing and consulting from Security, Compliance and Risk perspectives.
• Provide support as required for all other security related matters as reasonably requested by the Line Manager.

• University degree preferably in a technical subject or comparable education
• CISSP, CISA, CISM or similar certification preferred

• 3-5 years’ experience in a similar role within a Global Organization
• Demonstrable knowledge of Risk Management frameworks and Information Security standards (such as NIST 2, ISO 27001, SOC2, COBIT).
• Demonstrated experience and exposure in the international Security, Risk and Compliance arena.
• Ability to communicate technical issues in simple terms to support a variety of technical and non-technical business roles.

• Strong collaborator, ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and teamwork.
• Able to share feedback in a constructive manner to cultivate a continuous improvement culture.
• Ability to deliver successful outcomes under pressure and to manage crisis situations effectively.
• Able to evaluate information, identify key issues and formulate conclusions based on sound, practical judgment, experience and common sense.
• Experience with, and sensitivity for, diverse cultures.

• Ability to conduct both written and verbal business communication effectively in English is essential.
• Any additional language is a plus especially French, Spanish, German or Italian.

Posting date: 11-12-2024