Security Risk and Compliance Manager

Alvarez & Marsal

Job information

Firm: Alvarez & Marsal

Location: London

Education: Postgraduate degree

Benefits: Competitive

We are looking for a Security Risk and Compliance Manager to join the Information Security Team at Alvarez & Marsal. If you are someone who has a passion for Information Security & Privacy, as well as process improvement, automation, and efficiency, then this is the job for you. This role is focused on developing and improving our internal risk & compliance processes at A&M, primarily in the fields of information security and data privacy.

Responsibilities

GDPR Compliance

  • Provide advice and information across the firm with regard to data protection obligations under the GDPR and other privacy regulations.
  • Maintain knowledge and understanding of the ongoing development of privacy compliance regulations, including the ePrivacy Regulation.
  • Ongoing development of A&M’s Data Privacy Framework, including development and implementation of policies and procedures that align with ISO 27001 standards and with data processing standards applicable to A&M’s processing of personal data under GDPR. 
  • Monitor the performance of, and compliance with, A&M’s Privacy Compliance Framework.
  • Act as a contact point for the Supervisory Bodies across Europe.
  • Co-operate with the Supervisory Bodies, including during prior consultations under Article 36, and consult on any other matter.
  • Support the implementation of, and adherence to, the principle of Information Privacy by Design and Default for all new and existing IS systems.
  • Oversee the Data Privacy Impact Assessment (DPIA) process, supporting the business in the performance of DPIAs; review and provide recommendations in response to completed DPIAs.
  • In collaboration with Legal Counsel review all new processing of personal data to establish the Lawful Basis of Processing
  • Where necessary undertake Legitimate Impact Assessments
  • Maintain A&M’s record of processing in accordance with Article 30 of the GDPR.
  • In collaboration with Legal Counsel review all external engagements to verify appropriate Data Processing Agreements are in place between A&M and external parties

  • Work closely with business stakeholders globally to apply heightened security procedures designed to safeguard information based upon risk.  Assess and improve such procedures in coordination with cross-disciplinary stakeholders including IT, Finance, Legal, Engineering, Internal Audit, and A&M business units.
  • Manage audit requirements and deliverables related to various contractual and/or regulatory standards (e.g. ISO 27001, HIPAA, GDPR).
  • Support potential clients and customers by answering inquiries (RFP/RFI) regarding A&M’s data security and privacy practices.  Coordinate responses to customer questionnaires by working with internal stakeholders.
  • Assist with the review of Master Service Agreements and Statements of Work for appropriate security and privacy language. 
  • Work on third-party risk assessments and compliance requirements for A&M’s vendor risk program and manage the review cycle.
  • Assist with coordinating security and privacy awareness training throughout A&M.
  • Understand/analyze IT security threats, understand risk, articulate operational impact and work as part of a team dedicated to achieving and maintaining compliance to all applicable regulations.
  • Recommend, develop and implement compensating controls to remediate or mitigate known risk and vulnerabilities to an acceptable level.  Work with stakeholders to coordinate remediation projects as required and report on progress to management.
  • As a member of A&M’s Global Security Office, your position may include other responsibilities in the information security program such as assisting with vulnerability scan remediation and updating risk assessments.

Requirements

  • BA or BS or a higher degree in a technical or related field or an equivalent combination of training and progressively responsible experience in lieu of a degree
  • 4+ years working with one or more of the following compliance frameworks: ISO 27001, SANS Top 20, Privacy Shield, PCI, HIPAA, DPA, PECR.
  • 4+ years of meaningful work experience across engineering and IT organizations, including security incident response, threat analytics, security operations, and security risk management
  • Working knowledge of common audit and compliance tools.  Experience with a Governance/Risk/Compliance (GRC) platform is a plus.
  • Demonstrated ability to operate effectively at a dynamic company and embrace change
  • Technical aptitude and extreme attention to detail
  • Excellent spoken and written communication skills

Preferred Skills and Experience

  • CIPP/E (2018) or Certified GDPR Practitioner (Highly advantageous)
  • Certified ISO 27001:2013 Auditor or Certified Lead Implementer (Highly advantageous)
  • CISA, CRISC certification preferred
  • CISSP or similar certification is a benefit but not a necessity
  • Familiarity with cloud technologies (such as Azure, AWS)
  • ITIL Foundation
  • OneTrust Privacy Management Systems

Additional Information

  • Competitive pay and benefits
  • An environment in which you can balance great work with a great life
  • Firm with employees in over 60 offices worldwide
  • Some travel may be required

Voluntary Inclusion


It is Alvarez & Marsal’s policy to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, sex, sexual orientation, family medical history or genetic information, political affiliation, military service, pregnancy, marital status, family status, religion, national origin, age or disability or any other non-merit based factor in accordance with all applicable laws and regulations.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.
