Security GRC Specialist - Referrals Only

Listing Description


In this role, you'll be part of Thoughtworks’ Information Security (InfoSec) team. We are a very distributed team, spread across the Americas, Europe, India, China, Southeast Asia, and Australia.


Working effectively through different time zones is a must for us. InfoSec covers a vast domain of knowledge -- everything has a security angle!


You will be responsible for assuring that Security Governance, Risk and Compliance is managed across our business globally. You will work with a small, global team of security specialists to collaborate with client accounts in Professional Services (PS) and Thoughtworks-internal operations functions (Ops). As a team, you handle a large number of topics to drive the overall security risk and compliance posture of Ops and PS.


You will also be part of the risk, control environment and compliance discipline (or domain) and work with a global team on the design, development and implementation of risk and controls frameworks. In addition, you will work on internal controls and map them to various industry frameworks to achieve certifications such as ISO 27001, Cyber Essentials, FedRAMP and TISAX, to name a few.


While your main responsibilities will be focused on continuously improving our global risk and compliance efforts from an information security angle, your role will also include collaborating with other information security specialists to assist Thoughtworks Legal with contract reviews, working with Operations teams to improve their security risk management, and consulting them on security compliance requirements. You may find yourself supporting our PS teams and accounts regarding risk management or helping delivery teams build in practices compliant with contractual agreements and Thoughtworks expectations.



Job Responsibilities




  • Develop and implement policies and procedures to ensure compliance with relevant laws, regulations, and industry standards

  • Help with developing, implementing and supporting risk frameworks, security controls, mapping and associated programs that align with global and regional regulatory requirements. Help countries achieve certifications such as FedRAMP, ISO 27001, CE+ etc.

  • Review Client contractual agreements and manage client audit requests

  • Implement risk and controls processes, identify opportunities for automation, and continuously monitor security controls, exceptions and risks

  • Develop reporting metrics, dashboards and evidence artifacts

  • Collaborate with other InfoSec team members to improve the overall risk and compliance posture of Thoughtworks

  • Collaborate with Thoughtworks operations teams to support compliance and security risk needs

  • Report to global InfoSec and regional stakeholders on security-related risks

  • Assist in the development of business continuity plans and disaster recovery strategies

  • Keep up to date with changes in laws, regulations, and industry standards that may impact the organization

  • Perform third-party risk assessments and oversight of third-party vendors

  • Influence and contribute to standards and controls and drive efficiencies



Job qualifications



Technical Skills




  • A solid understanding of the Professional Services industry

  • Strong understanding of regulatory requirements, security risk management methodologies, compliance and information security standards.

  • A solid understanding of ISO 27001, NIST 800-53, NIST CSF and CIS frameworks

  • A good understanding of how security works in federal agencies

  • A good understanding of and practical experience working with security compliance frameworks and standards

  • Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are strongly preferred (not mandatory)

  • Appreciation of the different technical implementation patterns related to security controls implementation, and willingness to learn more as the role requires.

  • Exposure to a variety of control categories pertaining to the security domains such as access control, infrastructure and application security, and data protection.

  • A strong interest in building up knowledge about regulatory requirements across different country legislations

  • An interest in automated compliance and auditing



Professional skills




  • Strong influencing skills in advocating for security compliance practices, mostly with internal functions.

  • Ability to communicate effectively to different types of audiences

  • Ability to categorize, visualize, and present findings to leadership

  • Capable of self-management while following broad strategic objectives as part of a team

  • Organization of multiple concurrent streams of work with competing priorities

  • Strong sense of commitment and delivery

  • Being able to handle unplanned work

  • Being able to handle alternating phases with high and low workloads

  • Problem-solving skills in the information security space

  • While we don’t expect travel in this role, there could be occasional travel to other Thoughtworks offices if needed. Remote working is acceptable for this position.




Other things to know



Learning and Development



There's no one-size-fits-all career path at Thoughtworks: however you want to develop your career is entirely up to you. But we also balance autonomy with the strength of our cultivation culture. This means your career is supported by interactive tools, numerous development programs and teammates who want to help you grow. We see value in helping each other be our best and that extends to empowering our employees in their career journeys.



Compensation



$120,000 - $180,000


Benefits: https://www.thoughtworks.com/en-us/careers/benefits


The annual salary range posted is subject to many factors and may vary depending on experience, geographic location, job responsibilities, performance, skills and/or training.



Company Policies


It is the policy of Thoughtworks, Inc. to provide a work environment free of discrimination. The Company will take affirmative action to ensure applicants and Thoughtworks employees are treated without regard to race, color, religion, sex/gender, national origin, ethnic origin, veteran or military status, family or marital status, disability, genetic information, age, sexual orientation, gender expression or gender identity. This also includes individuals who are perceived to have any of the aforementioned attributes. Thoughtworks will adhere to all federal, state, and municipal laws and regulations governing employment.



About Thoughtworks



Thoughtworks is a global technology consultancy that integrates strategy, design and engineering to drive digital innovation. For 28+ years, our clients have trusted our autonomous teams to build solutions that look past the obvious. Here, computer science grads come together with seasoned technologists, self-taught developers, midlife career changers and more to learn from and challenge each other. Career journeys flourish with the strength of our cultivation culture, which has won numerous awards around the world.

Join Thoughtworks and thrive. Together, our extra curiosity, innovation, passion and dedication overcomes ordinary.


