IT Risk and Compliance Analyst
Novi Sad, Belgrade
As the IT Risk and Compliance Analyst, you will play an instrumental role in maintaining our information security policies, standards, and procedures and you will work collaboratively with the entire organization to ensure that these documents are adhered to. This key role will also ensure that our IT governance processes are properly designed and are functioning effectively and that the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. Finally, as the Risk and Compliance Analyst you will ensure that our company properly identifies, assesses, and manages its enterprise risks. Reporting to the Director of Information Security, you will also work closely with the CFO, the VP of Product Development, the VP of Operations, and all departments throughout the organization.
This position is full-time. The selected candidate will be expected to work 40 hours weekly, Mon-Fri.
If you have the following:
- Experience with defining, revising, and implementing corporate information security policies.
- Experience with coordinating corporate-wide initiatives for obtaining security-related assurances (e.g., ISO 27001, SSAE 16), including process control design and testing.
- Familiarity with federal and state legal regulatory requirements related to information security and privacy.
- Competency in the information security issues affecting financial service organizations and cloud-based application service providers.
- Understanding of the basic tenets of enterprise risk management (threat management, vulnerability management, and risk treatment).
- Experience in business continuity planning and vendor management is a plus.
- Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
- At least one of the following professional designations (or one of similar stature):
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Auditor (CISA)
  - Certified in the Governance of Enterprise IT (CGEIT)
- Demonstrated excellent interpersonal skills.
- Ability to interface effectively with all levels of employees/management.
- Ability to stay focused to ensure that projects are completed accurately and on time.
- Demonstrated excellent organizational skills.
- Ability to prioritize and complete multiple interdepartmental tasks in a timely fashion.
- Excellent verbal and written communication skills.
This is what your duties and responsibilities will be:
- Maintaining CWIE’s information security and privacy-related policies, standards, and procedures.
- Assessing corporate-wide compliance with CWIE’s policies and standards and taking action to remediate non-compliance.
- Ensuring that CWIE practices satisfy the requirements of the PCI DSS, SOC 1, and SOC 2 audits as well as all applicable federal, state, and local laws and regulations.
- Ensuring that our company properly evaluates security risks through a risk assessment framework that assesses the potential impact of threats to the business and CWIE’s vulnerability to those threats, and that recommends controls to reduce risks to levels that align with the organization’s risk tolerance and appetite.
- Working collaboratively with all departments to ensure that local practices are consistent with corporate information security policies and standards.
- Monitoring the legal and regulatory landscape to proactively address new information security and privacy-related requirements.
- Managing and coordinating business continuity planning and disaster recovery planning programs as well as periodic exercises and tests.
- Acting as a professional liaison to our auditors and consulting partners.
- Collecting information for customer due diligence requests and generating responses to customer due diligence questionnaires.
- Managing the vendor management / third-party service provider oversight program, and conducting initial vendor due diligence as well as ongoing vendor reviews.
- Coordinating and documenting an annual enterprise risk assessment as well as ad hoc project risk assessments.
- Designing and deploying a company-wide security awareness program that is tailored to the needs of specific roles within the organization and is measurable and auditable.
- Managing our vulnerability management program by collecting vulnerability data, tracking the status of vulnerabilities, and reporting on vulnerabilities.
- Designing and implementing a program to collect and report information security-related performance metrics and key risk indicators.
What we offer:
- Low stress work environment
- Highly talented, professional and friendly team
- The ability to work with the latest cutting-edge technologies
- Paid introductory training
We offer a competitive salary package and great benefits, including:
- Private health insurance
- Sports activities
- Fruit, coffee, tea, water and soft drinks… all on the house.
- Bright, colorful offices in New Belgrade and city center of Novi Sad
- All benefits paid pursuant to relevant Serbian laws.
If you are interested in this position, please send a cover letter and CV in English!
Deadline for applications: 15.12.2018.