Description
The Governance, Risk and Compliance Analyst will be a member of the Information Security & Data Protection Office, working on the development, implementation, and ongoing management of Omilia's security governance, risk, and compliance program. The analyst enables company technologies and business operations to be structured and configured to meet information security, data protection, and compliance requirements; contributes to the security governance and control program, which covers security policies and standards, IT control governance, security awareness training, and IT security audits; facilitates risk assessments that investigate information security and data privacy risks, identify mitigating factors, and evaluate security controls; and collaborates cross-functionally with IT and business teams to analyze and define security policies and information security standards.
Key Accountabilities:
Policies / Procedures. Define IT security and data protection standards and develop policies, procedures, and other formalised documentation to support compliance, as well as security and privacy performance, across the organisation.
Develop information security and data privacy policies, procedures, and security awareness program for data protection
Maintain technical and project documentation related to security and data privacy projects, controls, configurations, and procedures
Perform periodic gap assessments to validate compliance on an ongoing basis
Maintain and update procedures, and communicate security needs and requirements across the company so that controls are applied uniformly and staff understand them.
Compliance. Drive the initiatives required to support compliance with the applicable frameworks and standards (e.g., PCI DSS, GDPR, HIPAA, CCPA, PIPEDA).
Update security controls and support all stakeholders on security controls covering internal assessments, regulatory requirements, protection of Personally Identifiable Information (PII), and the Payment Card Industry Data Security Standard (PCI DSS).
Risk. Perform security, privacy and compliance assessments of new and existing systems, processes, and technologies.
Conduct periodic security audits against documented controls and remediate findings
Coordinate security risk assessments for new products & solutions
Maintain a risk register with clearly defined owners for each risk
Assist information security leadership in developing strategies and plans to enforce security requirements and to identify and address risks.
Contingency Planning. Perform business impact analysis and assist with development of the IT/InfoSec risk register.
Develop contingency plans (Disaster Recovery or Business Continuity Plans) for information technology systems.
Awareness. Contribute to a culture where security and risk management are considered foundational
Develop and deliver training and awareness content to educate the business about security risks, IT security controls and other GRC programs as needed.
Other
Support the vendor due-diligence process and help lead and define the overall third-party risk management effort.
Participate in security event analysis and incident response.
Stay up to date on developing regulatory concerns and changing IT and information security trends.
Provide security guidance and best practices.
Requirements
Academic degree in Computer and Information Science, Computer Engineering, or other related field
At least three (3) years of working experience in Security Operations, Security Risk Management, Information Technology, Cyber Security Programs, or Cyber Security Compliance Management
Demonstrated work experience in Governance, Risk, and Compliance (e.g., product security, IT security, secure software development, risk assessment and vulnerability management)
Highly knowledgeable of regulations and security standards such as PCI DSS, HIPAA, GDPR, CCPA, etc.
Comprehensive understanding of Technical, Administrative and Physical controls to safeguard information security
Strong interpersonal skills and project management skills
Effectively communicate technical issues to diverse audiences, both in writing and verbally
Interact positively with staff, the Board, the public, and regulatory agencies to enhance effectiveness and promote quality service
Work independently, prioritize multiple tasks, and adapt to changing needs
Ability to work under strict deadlines and remain calm under high pressure and in difficult situations
Excellent command of Greek and English, both oral and written
Security certifications (e.g., CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor)
Benefits
Fixed compensation;
Long-term employment with paid vacation days;
Professional development (courses, training, etc.);
Being part of successful, cutting-edge technology products that are making a global impact in the service industry;
Proficient and fun-to-work-with colleagues;
Apple gear.