Job Details

Policy and Control Frameworks Associate (CORPORATION)

Copenhagen, Denmark
  • Employment Type: Direct Hire

Our client, a major bank in Europe, is looking for Policy and Control Frameworks Associates to mature the information risk policy, support regulatory response, support incident reporting to regulatory bodies, review risk scoring models and risk ranking as these relate to the Policy. The Policy and Control Frameworks Associate will assist in updating the policy with management direction and will also see that the Information Security Policy is operationalized and actionable. This role will work across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc. The successful candidate will liaise with business groups and other stakeholders globally to support Policy management as a top priority, to better enable the bank’s risk mitigation objectives. The Associate should be prepared to provide policy support to the overall governance, risk and compliance program and help inform leadership of issues resulting from risk analysis and determining potential revisions to the policy that are appropriate for the business. Send resumes to [email protected]

Job Description

  • Will work on a team that will set policy over critical business processes and support important regulatory response
  • Will handle development and maintenance of the policy framework in accordance with ISO, NIST and other applicable industry standards, regulatory requirements and business drivers; will also strengthen the Policy and Control Frameworks by making the policy framework actionable and supporting colleagues across the bank in understanding and implementing information security policy requirements

Responsibilities 

  • Supports the management and upkeep of the Information Security Policy and will assist with delivering training on the use of the policy
  • Works across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc.; the successful candidate will liaise with business groups and other stakeholders globally to support Policy management as a top priority, to better enable the bank’s risk mitigation objectives
  • Helps to maintain policies and guidance for IT risk and information security control frameworks
  • Assists with reviewing the policy and helps to make it more actionable, addressing topics such as the following (some may be owned by other teams and will be supported from an information security point of view):
    • Information Security 
    • Acceptable Usage 
    • Access Control 
    • Business Continuity 
    • Cyber Risk
    • Disaster Recovery 
    • Information Classification 
    • Physical and Environmental Security
    • Security Incident Response 
    • Password Management
    • Clear Desk 
    • Information Transfer 
    • Mobile Device 
    • Software Installation 
    • Backup 
    • Antivirus and Malware 
    • Encryption 
    • Privacy 
    • Supplier Relationship 
    • Records Management 
    • Web Application Security 
    • Change Management 
    • Cloud Services 
  • Provides policy support to our overall governance, risk and compliance program
  • Helps inform leadership of issues resulting from risk analysis and determining potential revisions to the policy that are appropriate for the business
  • Works closely within the ITBRC team to support policy effectiveness over potential security weaknesses and support the development of creative ways to tackle challenges unique to critical company business processes
  • Supports the continued maintenance of GIS policies and IT security standards
  • Stays current with industry, regulatory, and legal requirements relevant to Policy and Control Frameworks in information security, IT risk and compliance, and data privacy
  • Assists with writing policy guidance documentation in English and keeps it up-to-date

Requirements

  • Bachelor's degree in Management of Technology, Computer Science, Mathematics or equivalent
  • Some experience in security policy implementation, processes, and practices
  • Experience with industry standards in Policy and Control Frameworks 
  • Knowledge of regulatory compliance through Policy and Control Frameworks, risk evaluation and controls assessments, records management, data and document classification, collaboration technologies and information lifecycle practices 
  • Familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Policy and Control Frameworks tools, ServiceNow GRC, Solix, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies would be advantageous
  • Understanding of IT security principles
  • Basic understanding of how policy relates to processes, the technology within the processes and the inter-relationship with the systems supporting the processes for the determination, evaluation, and reporting on technology risk
  • Strong interpersonal and communication skills; able to demonstrate excellent English written and oral communication skills, must have a good eye for detail and the ability to manage a busy workload
  • Technical writing certification or experience
  • Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
