Responsibilities:
- Prepare and perform the Data Classification exercise across all Lines of Business with various stakeholders up to C-Level
- Produce documentation for the wider company audience to explain and better guide staff in selecting the best data classification labels for their information
- Collect the up-to-date information from Business regarding their most valuable data and its use on a yearly basis (at minimum) and support the business in evaluating the most appropriate classification
- Maintain a proper audit track on signoffs provided by the Business, Information Security and the Data Privacy Office regarding Data Classification topics
- Act as intermediary with the IS Project Reviewer to be able to evaluate the most appropriate Data Classification level for new data
- Monitor the applied Information Security labels and track non-compliance with the Data Classification register
- Manage and maintain the Data Classification register, a consistent record of the most valuable data in the organisation, their owner, their classification, and their location
- Act as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as required
- Maintain close working relationships with appropriate teams across and outside of Information Security.
- Master's degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred)
- Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required)
- Experience in articulating risks in business language and advising on the appropriate risk management action (Required)
- Experience in Data Classification, process discovery or Business Impact Assessment (Required)
- Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required)
- Expert analytical and reporting skills (Required)
- Excellent interpersonal and collaborative skills (Required)
- Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)
- Experience in multinational companies (Required)
- Strong knowledge of Risk management (Required)
- Strong knowledge of Risk management frameworks (ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR) (Required)
- Strong knowledge of Information Security frameworks (Mitre ATT&CK, NIST, ISO 2700X ) (Preferred)
- Experience in information security management reporting and related methodologies (Preferred)
- Information Security and/or Information Technology industry certification (CISSP, CISM, or equivalent) (Preferred)