security governance specialist.

• Establish controls framework for governing information security assessment processes in the company.
• Operate and continuously monitor this framework, look for areas for improvement and lead initiatives for optimizing it. 
• Ensure security assessment criteria are consistent and map standards correctly.
• Liaise with owners of information security standards to stay on top of changes; provide standard owners feedback and partner with them to align standards with practice.
• Liaise with cyber security architects and regulatory and compliance teams, translate their input into security assessment processes.
• Support businesses in case of any regulatory non-compliance.
• Identify and publish best practices practices for security assessment criteria; partner with engineering and development teams to educate them and to gather feedback.
• Ensure security assessment processes are documented and are in line with practice.
• Support any audited partners with respect to security assessment, provide security assessments related deliverables, and represent the Security Assessment team on the audit.
• Manage any audits on Security Assessments, in partnership with risk teams. Partner with other teams to ensure audit readiness for the Security Assessment organization.
•  Lead audit preparation efforts related to security assessment processes, identify, investigate
  problematic cases to find a solution, escalate when needed.
• Liaise with auditors on their expectations regarding security assessment processes.

• Degree in a related discipline is strongly preferred.
• At least 5 years of experience in similar role, such as information security governance, risk
  management, compliance or audit.
• CISSP, CISM, CISA or CCSP exam, or willingness to pass one of these within one year.
• A broad overview of information security disciplines and governance frameworks (ISO 27001, CobIT, NIST Cybersecurity Framework).
• Security mindset; ability to think the way an attacker would think.
  Ability and willingness to both read and write technical documentation.
• Ability to oversee an IT architecture and assess it in terms of security.
• Ability to learn and understand new technologies and systems.
• Experience in multiple domains of IT or security, such as network security, identity management, key management, cloud security, software development, devsecops, etc.
• Hands-on experience in some areas is a plus.
• Communication – excellent writing and verbal skills, ‘can do’ attitude.

• opportunity to work on the internal security posture for a large financial company and thus shape the industry overall
• exposure to a broad range of investment technology businesses and products
• access to their world-class testing lab with physical hands-on using hundreds of devices in the IT security ecosystem
• competitive compensation package
• access to our client's huge training database and subscription to external online training
• a socially active team and communities with diverse networking opportunities
• flexible work arrangements
• Paid Parental Leave Program
• They offer recognition of your efforts through their compensation package with added benefits:
  o Private Medical Care Program and onsite medical rooms in their buildings
  o Pension Plan Contribution to Voluntary Pension Fund
  o Group Life Insurance

Boglárka Tóth

boglarka.eva.toth@randstad.hu

Annamária Cseh-Szombathy

annamaria.cseh-szombathy@randstad.hu