Information Security Specialist

Archer Information Security GRC Data Management

Type of resource : Consulting Based Services (CBS)

Job purpose :

Support the Corporate Information Security GRC team in managing and enhancing the qual-ity, integration, and governance of information security related data within the Archer GRC platform, ensuring alignment with the internal landscape of stakeholders, processes and tools

Broad job responsibilities :

1. Understand Archer customization deployment

2. Data integration Maintain operational data flows between Archer and other internal systems

3. Ensure seamless integration of data sources related to risks, findings, incidents, assessments.

4. Data Quality & Governance Perform regular review of Archer records to ensure accuracy, completeness, and consistency

5. Aggregate data across units and ensure high quality of data

6. Implement data validation rules and dashboards to monitor data quality metrics

7. Users base support Collaborate with security risk managers and officers to ensure timely updates and status changes

8. Assist Units to use Archer for Security Risk Management, and ensure they update records related to information security risk assessments and findings lifecycle

9. Assist in the data collection and reporting for ISO27002-based assessments

10. Contribute to the development of dashboards and metrics reflecting control implementation levels

11. Manage applications in Archer, e.g., linking findings and incidents to risk, risk evaluation, and risk remediation,

12. Map controls to risks and assess impact of controls on risks

13. Compliance reporting & audit support Generate reports for internal and external audits

14. Ensure traceability and documentation of changes in Archer records

15. Ability to understand the mapping and correlation between controls across standards (cross-walk)

Experience required

1. 5+ years in GRC (Governance, Risk and Compliance) functions

2. Hands-on experience in Archer implementation (configuration, data modeling, reporting)

3. Broad understanding of ISO 27001 clauses and ISO 27002 controls

4. Understanding of standards like PCI-DSS, NIST, NIS2, SOC1 / 2

5. Experience in deploying a risk management framework for large organizations

Qualifications

1. Proficiency in Archer (highly preferred)

2. ISO 27001 Lead Implementer / Lead Auditor / CISA / CISM / CISSP (desirable)

Skills

1. Proficiency in MS Excel, dashboarding tools, and data visualization

2. MS PowerPoint

3. Strong analytical skills and attention to detail

4. Ability to work cross-functionally with technical and business stakeholders in a globally matrixed and complex organization

5. Excellent verbal and written communication skills