Information Security GRC Specialist
Mid-level (2-5 years)
At Delphi Technologies, we’re about the art of the possible to solve our customers’ toughest challenges. And now we are taking bold steps to do even more. After the Delphi spin-off from end of, the Powertrain Division along with the Aftermarket business of Delphi became an independent company, Delphi Technologies, a Top 50 - Tier 1 automotive entity with $5B in annual revenue, over 20K employees, operating in 24 countries and conducting business with customers in over 150 countries.
As a standalone company, Delphi Technologies is better positioned for continued growth, with the ability to develop more focused and distinct business models. Included in this growth is the new Global IT Center of Excellence, Bucharest based, with an impact in all the locations where we are
Join our team as we embark on this exciting transition with a passionate focus on innovative technologies and a commitment to make green possible.
As an IT Risk and Assurance (GRC) Specialist, you will use professional expertise to enable the effective management of risk and provide functional assurance over related controls for IS in line with risk appetite. You will also engage with key stakeholders to manage, maintain, assess and monitor the risk and control framework and provide timely reporting to relevant stakeholders. It is the responsibility of this role to deliver the risk and assurance activities that provide overall assurance over the key services under information security. The role also supports compliance evaluation against external requirements, including external and internal audits.
- Tracking and monitoring of information security risk registers
- Identifying and evaluating information security risks using both internal sources (audit findings, penetration test results, etc.) as well as external sources (threat intelligence feeds, threat advisories, etc.)
- Working with internal stakeholders & vendors to advise and provide guidance about the application of IS policies and standards and risk and control management processes.
- Creating reports, dashboards and related communications to report on risks and controls assurance for stakeholders and the various risk and control committees.
- Reviewing and dispositioning information security risk exception requests in accordance with Group policy, and ensuring time-limited risk exceptions are reviewed prior to their expiry.
- Advising business units regarding information security policies and helping control owners address control gaps via identification of possible compensating controls.
- Reporting on Key Risk Indicators (KRIs), Key Performance Indicators (KPIs) for risks.
SKILLS & EXPERIENCE
- Bachelor’s degree in Security Management & Compliance or Computer Science or a comparable course of studies
- 4+ years of experience in IT Security, with a focus on IT Risk and Compliance activities
- Good understanding of and ability to apply commonly-used concepts, practices, and procedures for IT GRC
- Ability to grasp the interdependencies of key business processes and workflows, external market factors and influences that drive the organization, and apply these to the identification of effective risk and controls
- Understanding of at least one information security control framework, e.g. the Information Security Forum (ISF) framework, NIST Cybersecurity Framework, COBIT, ISO/IEC 27000
- Upholding generally accepted social and ethical standards in job-related activities
- Effective communication and presentation skills
- Fluent in English
- Preferred experience in information risk and security-related best practices, policies, standards, and regulations (e.g. ISO, ISF, PCI, Data Security Standard, data privacy)
- Preferred certifications, e.g. CompTIA Security+, CISSP, Certified Risk Manager (ISCISM, CISA, CRISC