As a Security GRC (Governance, Risk, Compliance) Specialist, your role is important in helping Capgemini uphold its commitment to compliance and security leadership with our customers. We’re looking for someone with a drive for excellence, adherence to compliance, and a demonstrable passion for security – if you have a favorite security principle we’d love to talk to you!
Typical tasks and responsibilities for this security specialist are:
- Ensure that compliance requirements and IT risk management are fulfilled in service operations
- Ensure and maintain security requirements in the services, technical infrastructure and ways of working
- Establish and maintain a governance framework for compliance and control of internal, customer, and international requirements (ISO 27001, PCI DSS, etc.)
- Able to manage both an internal and external audit function for customers and external audits both as a solo auditor and as an audit team leader
- Provide assistance and guidance to management and staff regarding compliance issues, firm policies and procedures, and industry regulations
- Track security and compliance-related KPIs and metrics, and assist with reporting on those metrics to senior management
- Function under minimal direction and guided by specific objectives or statements from contracts and SOW, contract deliverables, and outcome metrics
- Perform other compliance-related tasks as assigned
By joining us you will become a part of independent team of professionals focusing on results in dynamic, fast paced projects environment, specifically in area of GRC/Security.
We promise you will never be bored with monotonic, day to day operational tasks. Instead, you will be tackling challenges requiring analytical and creative thinking. Our strategy assumes growth through which we will bring an accessible set of consulting skills to the market. We strive for our consultants to be well balanced between business and technology areas.
Being part of us is a steep learning curve but also a lot of fun deriving from the culture of our team. Oh, and did we mention the travelling to collaborate with our partners from around the world? Here’s a thought, if you think you’ve got what it takes and are equally excited about technology, we should at least have a chat.
Desired Skills and Experience:
- Knowledge of ISO 9001, ISO 20000, ISO 27001 and PCI-DSS and of the global data security regulatory environment
- Proficiency in performing risk, business impact, control and vulnerability assessments using manual or automated tools
- Strong written and oral communication skills
- Organized, responsive and highly thorough problem solver
- Bachelor’s degree (or above) of computer science, network engineering, or relevant security-related experience
- Ability to research and interpret new rules and regulations
- Having one of the following certifications is helpful, but not required: CISA, CISSP, CRISC, CISM, or PCI-DSS ISA
Atmosphere
- Working with great people and in legendary atmosphere
- No formal dress code
- Annual family picnics
- Unforgettable integrational events
- Employee volunteering opportunities and interesting CSR projects
- We value and respect diversity in terms of gender, nationality, roles, age, interests
- Internal celebration initiatives: Children\'s Day, St. Nicholas Day and many more
- Supporting employees\' hobbies: Business Run, e-sport games, basketball, volleyball
Development
- Development in expert or leader competencies
- Broad training offer with possible co-funding
- Access to Harvard Business Review knowledge base
- Introduction plan for new employees and Buddy Initiative
- A wide range of instructor-led and e-learning trainings
- Co-financing for post-graduate studies and courses
- Many companies under one roof / internal headhunters
- Internal development events: conferences, meetings, communities
Capgemini is one of leading global companies offering consulting and IT technologies.
The Cloud is fashionable – everyone’s talking about it, many use it, but only few know what it consists of, how it works, how to access it, and how to take care of it. It is us, Cloud Infrastructure Services, who understand the subject thoroughly. From high level services, through managing equipment and operating systems, internal or access networks to managing applications, IT operations, availability, configurations, and changes. By working in an international environment, we use a number of foreign languages.