We are one of the largest staffing companies in the world, operating in 60 countries; we have been active on the Czech market since 1992. Looking for a job? Adecco will help and advise you.

Group Governance, Risk and Compliance Director

Functional Title: Group Governance, Risk and Compliance Director

Reporting to: Global Head of IT Security, Risk & Compliance
Job Location: Prague

1. Job Purpose

To develop, manage and maintain the Adecco Group IT Policy Framework and Internal Control Matrix in line with industry recognized security best practices and with other relevant Adecco policies (e.g. Group Audit Policies), including the Security Architecture Framework

To enhance, manage and maintain the current Security Framework and promote and monitor its adoption within project delivery

To monitor and follow up on Adecco business units' compliance with the Adecco Group IT Policy Framework

To provide input to the Global Head of IT Security, Risk and Compliance to define the Security Strategy and to own responsibility for monitoring and reporting its effectiveness

To develop, implement and monitor an information security awareness program across the Group to effectively communicate and raise awareness of the IT policies and the potential impact of security threats and risks

To deliver a technology / security risk management framework to enable Adecco to better understand, manage and mitigate risks to the business; ensuring that risks are captured, communicated, monitored, and treated as appropriate

To manage and maintain the Adecco Group IT Risk register in accordance with Group Policy

To provide concise and effective reporting to Adecco Executives.

2. Main Stakeholders

• Architect
• Peers in Information Security, Risk and Compliance
• Regional IT Directors
• IT Operations staff
• Third Party IT Service Providers
• Users
• Internal and External Auditors
• Legal
• Privacy
• HR
• IT Quality Managers

3. Measured on
• # open & overdue audit or IT assurance related actions
• Levels of awareness of IT Security and IT Policy Framework across Adecco Group worldwide
• Level of compliance of IT Security and IT Policy Framework across Adecco Group worldwide
• # of security breaches
• # of successful phishing attacks / ransomware infections

4. Main tasks & responsibilities

• Take responsibility for the day to day management of the Adecco IT Policy Framework and Internal Control Matrix; act as the subject matter expert providing advice, guidance and interpretation of the Policy Framework as required
• Work with Enterprise Architecture to ensure that Adecco Security Strategy & Security Architecture standards are contained within the Adecco IT Policy Framework
• Keep up to date with changes in Information Security Technology, standards, best practice and relevant regulatory requirements and ensure Adecco Group Policies reflect this
• Ensure Policy framework standards and policies are reviewed on at least an annual basis

• Research security awareness methods and techniques in the industry and as adopted by major corporations. Select and implement the most suitable techniques for use within Adecco Group

• Coordinate security test resources (both internal & external); Research, evaluate, review and recommend the most appropriate security testing technology for use in formal periodic test programmes across the Adecco infrastructure and applications; Ensure security tests are carried out across all regions/countries and ensure report findings are followed up and remedial activities carried out
• Work with the Adecco Global PMO to establish an agreed process for ensuring Information Security is included in all project and program reviews, as required; Ensure this process is implemented and adhered to by all Information Security Management personnel across the IT Organisation
• Develop, test and implement Information Systems Security awareness initiatives and end-user training programmes (in conjunction with Adecco Group HR) for Information Security and Data Privacy matters through creative and effective channels in line with the approved security plan and awareness program. Tailor the core information security awareness messages to make them relevant to targeted departments, thus allowing for ease of understanding.

• Conduct and coordinate global awareness delivery channel content, such as web sites, e-learning courses, corporate e-mail messages, posters, screen savers, etc., ensuring that the content is kept current, relevant and deployed according to Adecco Standards.

• Measure the delivery of Information Security Protection awareness across the group, (i.e. how many staff have received awareness training through which method) as well as the effectiveness of the delivered awareness program through user testing, surveys and random checks. Produce a monthly report for management based on these measurements, providing analysis and comment on areas for change and improvements

• Work with regional and country information security managers to ensure that all areas of non-compliance with Adecco Policies and Internal Control Matrix have:
o Relevant compensating controls in place
o Action plans to remediate the deficiencies and that these are being worked on
o Formal sign off and approval from the policy/standard owner
• Maintain a Global register/database of all Policy exceptions and ensure this is reviewed on a regular basis with both the Policy owner and requestor
• To be responsible for collating & collecting evidence that Group ELCs (Entity Level Controls) are effective and interfacing with external auditors by provision of this evidence

• Design, develop, maintain & implement a Global IT Risk Management methodology such that IT risks are clearly understood and adequately managed; Ensure all risks have:
o An identified owner
o An associated action plan to mitigate the risk or a compensating control
o Signed acceptance of risk by relevant senior management

• Develop and maintain periodic reporting on the status of the Cyber Security objectives and of the IT Risk, Audit and Compliance KPIs

• Act as the main point of contact and coordination for all Global IT Audit activity (internal & external)

• Make sure all audit actions (internal & external) have a named owner and remediation plan; Ensure agreed actions are delivered in line with agreed dates and ensure clear visibility to the Global Head of Information Security, Risk & Compliance of any discrepancies

• Within the ERM process, take responsibility for driving the Global Risk Assessment for IT related risks and reporting back to the Global Head of Information Security, Risk & Compliance and the IT Leadership team

• Review and redline client-requested contractual security requirements for international client contracts in coordination with Group Legal and suggest contractual language updates to ensure compliance with security terms.

5. People, Resource management responsibilities & Decision Power
• Group IT Governance, Risk & Compliance Specialist
• Security Architects (Governance & Oversight)

Design and modification of the policy framework Internal Control Matrix and Security Architecture Framework to include relevant new best practices, in coordination with the Global head of function

6. Minimum requirements & Personal attributes
Education and certifications/training:
• University degree preferably in a technical subject or any comparable education
• CISSP, CISA, CISM or similar certification preferred

Professional & Leadership experience:

• 5 years of experience in a similar position within a Global Organization
• Demonstrable knowledge of key IT Security and Risk Management frameworks (such as COBIT, RiskIT, ISO17799, ISO 27001)
• Demonstrated experience and exposure in the international security arena dealing with security-related issues

Personal attributes:
• Strong team player
• Ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and team work
• Good ability to convince and influence stakeholders from all backgrounds.
• Experience with and sensitivity for different cultures
• Ability to act under strong pressure and to manage crisis situations efficiently
• Good in leadership, inspiring, encouraging and providing constructive criticism to help improve performance of colleagues
• Able to evaluate information, identify key issues and formulate conclusions based on sound, practical judgment, experience and common sense
• Willingness and ability to travel

Language requirements:
• Good to excellent command of English
• Any additional language is a plus

Position information

Workplace location

Pikrtova 1737/1a, 140 00  Praha-Nusle, Czech Republic

Employment type

Full-time

Contract type

Employment contract

Duration of employment

Permanent (indefinite term)

Required education

Bachelor's degree

Required languages

English (excellent), French (intermediate)

Employer

ADECCO spol.s r.o.

Contact

ADECCO spol.s r.o.
Katrin Jeggle
Phone: 00420734444968
