As the Senior Information Security Specialist, you will be part of the Governance, Risk and Compliance (GRC) function of the Information Security team at Clarivate, a dynamic team that works cross-company at all levels. You will be responsible for maintaining and reporting on compliance activities related to information security and privacy audit processes, key security initiatives and tests.
About You – experience, education, skills, and accomplishments
- BSc degree graduate in a relevant field or equivalent technical training.
- 7+ years demonstrated experience in Information security at a global company
- Experience with NIST standards, NIST 800-53, ISO 27001/2, SOC, CMMC
- Applicants must be legally authorized to work in the United States.
- Applicants must have resided in the U.S. for the past two consecutive years
It would be great if you also have . . .
- Experience in creating and implementing processes
- Knowledge of risk assessment and security baselines
- Knowledge of ISO Certifications
- Experience handling tasks in a matrixed organization
- Additional languages, an advantage
- Security certifications – CISO, CISSP and/or CISM
- English at a high level - both written and spoken
- Project management skills to drive projects and initiatives across multiple departments
What will you be doing in this role?
- Lead internal and external audit processes for NIST 800-53v5 FedRAMP and leading Compliance activities
- Implement the key initiatives/projects focused on the reduction of security risks, governance, and compliance.
- Participate in security and privacy compliance assessments on new and existing systems, processes, and technologies.
- Support internal and external audit processes such as ISO 27001/ISO 27002, SSAE 18 and leading standards for Information Security
- Enhance operational effectiveness of audit activities to further align to company strategy and risk management
- Assist with the education and awareness programs to promote security and privacy in the company.
- Inform the CISO or DPO regarding security and privacy concerns and recommend courses of action
- Tactically maintain and operate the risk management systems
- Participate in completing security questionnaires, contract reviews, RFPs, and tenders
- Review proposed changes on an ongoing basis to determine the impact on security and privacy
About the Team
Our Governance, Risk and Compliance (GRC) team consists of 11 individuals located across the globe, a dynamic team that works cross-company at all levels. Our team’s primary focus is to ensure that our services comply with security industry standards, based on a strategy of aligning with our business goals, managing risk effectively, and maintaining government and industry regulatory frameworks.
Hours of Work
This is a full-time position, primarily working core business hours in your time zone, with flexibility to adjust to various global time zones as needed. This is a hybrid position working in the office up to 3 days a week.