The GRC DPO will report to the CISO and will lead the development of information security governance in accordance with regulatory and legal provisions, including the preparation of policy documents, standards and procedures for securing information in the organization, and the follow-up and control of their implementation. This includes monitoring the status of events and their compliance with procedures and regulations, as well as routine controls and treatment of gaps related to policy and operation systems, risk management and controls, and compliance with regulations.
The GRC DPO will be responsible for risk management and directed privacy. In addition, he/she will prepare and implement a program for routine control of compliance with the requirements of the Data Protection Regulations (Information Security) and the General Data Protection Regulation (GDPR).
He/she will maintain ongoing contact with various interested parties, such as the owner of the database or the database manager in the company, as well as with the regulators. His/her role is to mediate and guide the company’s stakeholders in all aspects of “privacy” (DPIA) according to both regulations. All this is within the framework of the policy and conduct of the company’s security department.
The GRC DPO will ensure compliance with regulatory requirements of the company with an emphasis on the Data Protection Regulation (GDPR), which is subject to the administrative and professional supervision of the head of information security in CISCO.
• At least two years of experience in performing audits and compliance with regulatory requirements.
• Conducting surveys and writing gap documents, characterization, reviews, etc.
• Familiarity with information security and information security solutions.
• Knowledge and practical experience in carrying out biased risk management (DPIA) – an advantage.
• Familiarity with local and international regulations and standards on privacy protection – an advantage.
• Experience in certifying organizations to information systems and information security standards (e.g., SOX, 357, ISO 27001) – an advantage.
• Certifications Relevant courses such as: ITGC, PCI Education: Cyber Security Methodology, ISO Lead Auditor
• PCI-DSS, SOX, Professional
• Bachelor’s degree in industrial engineering and management, information systems, or business administration – an advantage.
• Full proficiency in office software (PowerPoint, Word, Excel), including the required Excel functions.
• Training in the fields of law and corporate control – an advantage.
• Initiative, independence and a very high learning ability.
• Excellent interpersonal relations and team management.
• High-level technical writing of procedures, policies and technical instructions.
• High-level English language proficiency (speaking, writing, reading) – required.