HERE'S SOME INFORMATION FOR YOU
You will be responsible for guarding the vision, the development of strategy and the implementation of the Information Security Risk and IT Risk Management program within the organisation as part of DAZN's information security management system (ISMS).
HERE'S A BREAKDOWN OF WHAT YOU'LL DO (NOT ALL OF IT, JUST THE MOST IMPORTANT STUFF):
- Providing subject matter expertise in the area of information security, including risk requirements.
- Maintaining the Information Security Risk Register and providing management reporting.
- Keeping the register aligned with the DAZN Risk Framework and supporting the ongoing operations and enhancements for the Cyber Risk program.
- Provide specialist cyber risk expertise to support IT projects, operational teams, and business units upon request.
- Identify, analyse and report information security risks through an internal audit plan.
- Follow up on the implementation status of agreed controls.
- Identify, analyse and report on the internal IT risks, and ensure the follow-up.
- Participate in the maintenance of a certified ISMS.
- Define risk policies, standards, procedures and guidelines.
- Ensure effective communication and awareness about risk assessment processes within the business.
- Follow up and report on risk treatment actions implementation and status.
- Support other generalist information security activities as part of the ISMS.
YOU'LL NEED TO HAVE THESE ESSENTIALS:
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- An understanding of IT Infrastructure and Cloud Services.
- Practical knowledge of information security management frameworks including ISO27001, ISO22301 and PCI DSS.
- Sound knowledge of business and risk management frameworks like ISO 27005, ISO 31000, NIST etc.
- Experience interacting, presenting and working with C-level executives (CTO, CIO, etc.).
- Ability to coordinate global team members.
IT WOULD BE GREAT IF YOU HAD THESE TOO:
- Professional security management certification strongly desirable, such as Certified Risk Information Security Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor / Implementer or other similar credentials.
(ref: hirist.tech)