Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within a BFSI context.
Responsibilities
Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
Maintain policy frameworks, standards, guidelines, and procedures.
Ensure timely closure of information security findings across the business.
Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
Own and evolve Cellulant’s Business Continuity Management System (BCMS).
Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
Support implementation of privacy-by-design and privacy-by-default controls.
Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
Design and promote security and privacy awareness programs.
Requirements
5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles
Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations
Hands-on Business Continuity Management experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises
Deep familiarity with frameworks and standards such as ISO 27001/27002, NIST CSF, PCI DSS, SOC 2, and ISO 22301
GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws
Strong understanding of cloud security principles (AWS)
Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables
Experience working cross-functionally with technical and non-technical teams.
One or more of the following (or equivalent):
Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
Risk & Compliance: CRISC, CGEIT
Benefits
Generous personal time off
Medical and life insurance benefits (markets permitting)
Job title
Senior Specialist, Information Security Governance, Risk & Compliance