This role leads the control implementation and assurance of the established Information Security Management System (ISMS) program. The position supports the design and execution of internal security assessments against company requirements and industry frameworks, identifies gaps, and develops corrective action plans. This position reports to the Chief Information Security Officer (CISO).

MAIN RESPONSIBILITIES:
- Responsible for the oversight, coordination, and continuous monitoring of the Information Security Management System (ISMS) controls and risks
- Develop, maintain, evaluate, and implement policies and procedures aligned with business, compliance and/or regulatory requirements.
- Support the development and execution of compliance assessments and testing of controls
- Evaluate design and effectiveness of controls through testing and document test results to provide to auditors
- Organize and lead IT walkthrough meetings with control owners from additional teams including HR, Finance, Accounting, Facilities, and Technology
- Provide advisory services for mitigating risks associated with security assessments
- Communicate non-compliance and collaborate on remediation plans with control owners
- Provide assurance to management about the state of compliance against Information Security requirements
- Work with internal and external auditors to address document requests and follow-up questions
- Bachelor's degree in Information Systems, Cybersecurity, or related field or equivalent work experience
- 8-10 years of related experience auditing security frameworks (ISO, SOC, NIST)
- Knowledge of risk management taxonomy, processes, analyses, and tools
- Experience mapping government regulations to Information Security frameworks
- Experience with documenting process flow charts, control mapping, and sample testing
- Excellent communication skills with the ability to manage walkthroughs with control owners and present reports to management
- Strong understanding of IT processes and controls such as access management, change management, IT operations, and System Development Life Cycle (SDLC) controls
- Excellent English written and verbal communication
- Strong organizational skills and attention to detail
- Demonstrated ability to work independently
- Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor, and/or CISA (Certified Information Systems Auditor) certification preferred
We are Alter Domus. Our name means "The Other House" and we're a world-leading provider of integrated solutions for the alternative investment industry. We believe in being different. Here, you progress on merit, not who you know. You speak openly, whoever you're speaking to. And it's your freedom to decide which cutting-edge kind of finance professional you want to be. Join more than 4,500 fund administration, accounting, tax, loan administration and legal experts worldwide and take pride in being alternative.
Alter Domus clients include the world's leading asset managers, lenders and asset owners. We're specialists who use the most innovative technologies to create unparalleled solutions for the private equity, real assets and debt capital markets sectors. This is where standout talent advances what's possible in fund administration, corporate services, depositary services, transfer pricing, domiciliation, management company services, loan administration, agency services, trade settlement and CLO manager services.