Job Details

Data Policy and Control Frameworks Lead (CORPORATION)

Copenhagen, Denmark
  • Employment Type: Direct Hire

Our client, a major bank in Europe, is building a Privacy, Risk, and Governance group under their CISO and is willing to relocate top talent from America for this department. Anyone willing to relocate to Denmark, fully paid, with competitive compensation, socialized healthcare, and an opportunity to make a huge impact on a massive bank, keep reading! This role will serve as the Policy and Control Frameworks Lead responsible for driving increased awareness of policy throughout IT and various business divisions. The Lead will handle maturing the information risk policy and supporting regulatory response, incident reporting, risk scoring and risk ranking as these relate to policy. Knowledge of the NIST Cyber Security Framework, ISO, GDPR, SOX and other applicable industry-standard policy frameworks is required. This role will manage a team that is responsible for the upkeep of Information Security Policy. The ideal candidate will have experience in Information Governance, Risk or Security. Credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC are advantageous, but not required. Send resumes to [email protected]

Job Description:

  • The Policy and Control Frameworks Lead will be assigned very interesting tasks that include driving increased awareness of the policy throughout Group IT and our various business divisions; the work will be exciting and challenging because the Policy and Control Frameworks Team will set policy over critical business processes and support important regulatory response
  • The client is looking for a Policy and Control Frameworks Lead who will work as part of the ITBRC team to mature the information risk policy, support regulatory response, support incident reporting to regulatory bodies, and review risk scoring models and risk ranking as these relate to the Policy; the Policy and Control Frameworks Lead will assist in updating the policy with management direction and see that the Information Security Policy is operationalized and actionable
  • Work will include development and maintenance of the policy framework in accordance with ISO, NIST and other applicable industry standards, regulatory requirements and business drivers; the role will strengthen the Policy and Control Frameworks by making the policy framework actionable and supporting colleagues across the bank in understanding and implementing information security policy requirements


  • Manages the team that is responsible for the upkeep of the Information Security Policy and will manage and deliver training on the use of the policy
  • Works across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc.; the successful candidate will liaise with business groups and other stakeholders globally to support Policy management as a top priority, to better enable the bank’s risk mitigation objectives
  • Manages and maintains IT security and risk policies and the related guidance for risk and information security control frameworks
  • Reviews the policy and makes it more actionable, addressing topics such as the following (some may be owned by other teams and you will support from an information security point of view):
    • Information Security 
    • Acceptable Usage 
    • Access Control 
    • Business Continuity 
    • Cyber Risk
    • Disaster Recovery 
    • Information Classification 
    • Physical and Environmental Security
    • Security Incident Response 
    • Password Management
    • Clear Desk 
    • Information Transfer 
    • Mobile Device 
    • Software Installation 
    • Backup 
    • Antivirus and Malware 
    • Encryption 
    • Privacy 
    • Supplier Relationship 
    • Records Management 
    • Web Application Security 
    • Change Management 
    • Cloud Services 
  • Provides policy awareness and leadership for the bank’s overall governance, risk and compliance program
  • Regularly presents to leadership issues resulting from risk analysis
  • Determines and recommends potential revisions to the policy that are appropriate for the business
  • Works closely within the ITBRC team to determine policy effectiveness over potential security weaknesses and develop creative ways to remediate challenges unique to critical business processes
  • Recommends ways to improve GIS policies and IT security standards and sees that the policy is easily understood and actionable by risk owners who can draw on expertise
  • Stays current with industry, regulatory, and legal requirements relevant to Policy and Control Frameworks in information security, IT risk and compliance, and data privacy
  • Writes, reviews and recommends changes to policy guidance documentation in English and sees that the team keeps this guidance up-to-date


  • Bachelor's degree in Management of Technology, Computer Science, Mathematics, Risk Management or Information Security or equivalent, with advanced degrees preferred
  • Extensive experience in GRC implementation, processes, and practices
  • Experience with industry standards in Policy and Control Frameworks 
  • Experience with financial services regulatory compliance Policy
  • Experience writing effective policies for IT security risks
  • Familiarity with records management policies, data and document classification policy, the use of collaboration technologies to maintain policy and guidance for information lifecycle practices 
  • Familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Policy and Control Frameworks tools, ServiceNow GRC, Solix, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies would be advantageous
  • Experience with writing policies that enable IT security principles
  • Understands how policy relates to critical risk processes, the technology within the processes and the inter-relationship with the systems supporting the processes for the determination, evaluation, and reporting on technology risk
  • Strong interpersonal and communication skills, must be able to demonstrate excellent English written and oral communication skills, have a good eye for detail and the ability to manage a busy workload 
  • Technical writing certification or experience
  • Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
