IT Security and Data Privacy Compliance Manager
Randstad Sourceright is a global talent leader, providing solutions and expertise that help companies position for growth, execute on strategy, and improve business agility. Sourceright's experience encompasses all facets of the talent acquisition of permanent employees and the contingent and contractor workforce. Key offerings include Managed Services Provider (MSP) programs, Recruitment Process Outsourcing (RPO) and Blended Workforce Solutions.
Purpose of the job
The IT Security and Data Privacy Compliance Manager is a critical member of the information technology team. The IT Security and Data Privacy Compliance Manager will work closely with key cross-functional stakeholders across Digital Innovation, Enterprise Risk Management, and relevant business groups to support the risk identification and management process across all aspects of Information Security. The IT Security and Data Privacy Compliance Manager will perform RSR's third-party vendor risk assessments across software and hardware platforms, both on premise and cloud hosted. The role will also work closely on meeting our clients' IT Security and Data Privacy requirements.
Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of this position.
As the IT Security and Data Privacy Compliance Manager, you are responsible for:
The job is composed of a variety of activities, including very tactical, operational activities in support of the CISO's program initiatives, such as:
- Vendor Risk Assessment
- Security liaison
- Architecture/engineering support
- Operational / Implementation support
Perform third party vendor risk assessments
- Work closely with our professional services teams to answer security related questions during new client implementation
- Coordinate all aspects of the issue tracking and remediation process as a result of the vendor risk assessments
- Clearly document and define risks and potential impacts including mitigation proposals and recommendations, providing challenge where needed
- Monitoring risk exposures and performance or key metrics, using and reviewing the risk type methodologies and supporting development of these where appropriate
- Consult with Digital Innovation to ensure that security and privacy are factored into the evaluation, selection, installation and configuration of our technology partners.
- Assist the development of proprietary Randstad tools to streamline Information Security and Data Privacy Compliance and continuous improvement activities
- Provide support and cover for certain time-critical elements of Information Security team responsibilities, such as security investigations, security incident responses, client escalations etc.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Requirements and qualifications
- A completed tertiary qualification in a relevant discipline (e.g. Law, Business, Computer Science or Engineering).
- 5+ years of experience in Information Security and/or Third Party Management required; additional expertise in Data Protection highly preferred.
- A strong understanding of the business impact of security tools, technologies, policies as well as Data Protection.
- Proficiency in performing Third Party risk, business impact, control and vulnerability assessments.
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Experience working with legal, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Experience in a hands-on role of process review, design and implementation
- Experience with common information security management frameworks, such as the International Standards Organisation (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) framework.
- Current certifications in CISSP, CISM, CISA, CRISC or CGEIT are highly preferred.
- Familiarity with data protection principles and GDPR.
- Specific training/qualification - data protection practitioner; ISEC Certificate in data protection is an advantage
- Background in organisations with large data processing being undertaken
- The ability to interact with Randstad personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organisation, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols and industry best practices.
Additional skills needed
Technical Skills required:
- High level of skill in data analysis, reporting
- Privacy Seal / ISO27001 / SOC2 type II / Cyber Essentials
- Working knowledge and understanding of privacy laws and guidelines with respect to Data Protection
- Good practice associated with working in a complex technology environment
Personal Skills Required:
- Ability to interface to a distributed team
- Ability to work / problem solve on own
- Analytical skills including attention to detail
- Problem-solving skills
- Confident and professional manner
- Calm and Robust personality
- Good interpersonal and verbal communication skills
- Have tenacity and focus to achieve objectives
Job specific competencies
Thinks through issues by seeing the pattern or big picture, brings facts and ideas together and develops innovative or creative insights. Specifically, applies models or theories; for example: by using a theory to help understand a situation.
Uses comprehensive knowledge and skills to negotiate independently while providing guidance and training to others on how to help the organization by obtaining consensus between two or more internal or external parties who may have different interests.
Customer and Market Analysis
Acts independently using comprehensive knowledge and/or skills to conduct research and analyze data while guiding and training others on how to develop a comprehensive understanding of customer and market conditions that enables maximum return on investments.
Randstad leadership competencies
Randstad leaders leverage strong intellectual power to identify patterns and draw insights from information in order to conceptualize strategic direction, solve problems and identify opportunities.
Randstad leaders proactively address change on all dimensions. They anticipate change and view situations from different perspectives whilst keeping pace in decision making to realize opportunities and mitigate risks.
Randstad leaders drive excellent execution by setting robust processes to execute strategies and follow through with strong monitoring and operational navigation to ensure results. Is firm and courageous in leading execution.
Randstad leaders enable teams to deliver high performance by providing direction and clarity of purpose, a focus on accountability and the orchestration of efforts. They set high standards and provide the support people need.
Randstad leaders identify potential for synergies across the business and build commitment to achieve shared goals. They thrive on working with people that represent a mix of backgrounds, insights and perspectives.
Randstad leaders build strategic partnerships with clients and stakeholders. They actively shape the external environment for the success of Randstad, leveraging their personal credibility and thought leadership in getting people onside.
Randstad Sourceright EA Licence No: 94C3609 ...