Governance, Risk and Compliance

On behalf of our client, a leading telecoms solutions provider, we are looking for a Governance, Risk and Compliance to be based at their offices in Nicosia, Cyprus.

Main Duties and Responsibilities

  • Establishes and maintains a corporate-wide information security management program to ensure that information assets are adequately protected.
  • Designs, implements and monitors a strategic, comprehensive enterprise information security strategy and IT risk management program.
  • Controls and influences the network security budget and ICT investment decisions.
  • Plans regular penetration tests and oversees their implementation with adequate information security suppliers.
  • Accounts for the end-to-end lifecycle of information security operations.
  • Evaluates the IT threat landscape and devises policy and controls to reduce risk.
  • Keeps abreast of developing security threats, and helps the board understand potential security problems that might arise from acquisitions or other big business moves.
  • Ensures that the organization is adaptable to evolving compliance regulations
  • Establishes a robust crisis communication channel, disaster recovery and risk management system
  • Makes sure all the above initiatives run smoothly and within allocated budget
  • Provides leadership and clarity about the importance of Information Security
  • Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Contributes to approving the selection, testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements
  • Demonstrates ability to visualize the total process and aids in locating problem areas using process mapping, quality improvement, and visualization tools to locate, quantify, and correct root causes of problems
  • Performs periodic evaluations to maintain processes by gathering pertinent information such as problem symptoms, potential causes, and root causes; tracks, analyses and monitors technology performance metrics

Main Requirements 

  • University Degree in Computer Science, Information Technology, Management Information Systems, Computer & Communication Engineering or any relevant field
  • Previous experience of 7-10 years in a similar role
  • ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISM, CEH or any professional security certification is needed
  • Proficiency in Greek and English; French is a plus
  • Experienced in risk management, information security and IT
  • Proven experience in building technology related strategies
  • Solid foundation in security-centric technologies such as DNS, routing, authentication, VPN, proxy services, DDoS mitigation technologies and coding practice
  • Thorough knowledge of security systems including Firewalls, IPS, WAF, SIEM, Antivirus, Malware protection and Anti-SPAM Engines
  • In-depth expertise in ethical hacking, threat modelling and intrusion detection/prevention protocols
  • Thorough knowledge of security challenging systems including Penetration Testing and Vulnerability assessment
  • Thorough knowledge of systems including Servers, Switches, Routers, NAS Storage, SAN Storage
  • Thorough knowledge in Disaster Recovery and Business Continuity Planning
  • General good database and database administration knowledge for MS-SQL and Oracle
  • Experience with network topology and configuration (LAN, WAN, WLAN)

Benefits

  • Attractive remuneration package
  • 21 days annual leave
  • Everyday lunch
  • Yearly bonuses based on the Company’s and employee performance 
  • Flexible working hours
  • Modern office environment
  • Continuous personal development and training opportunities

All CVs will be handled with the utmost confidentiality.