IT Risk and Compliance Officer (UK or Europe only)
JOB FUNCTION IT Risk and Compliance Officer (UK or Europe only)
COMPANY Canonical Ltd.
LOCATION Headquarters:London, UK,London, UK
- Shape and drive the company strategy for access controls, compliance, audit, and penetration testing that supports the company’s business units and enables risk management and regulatory compliance. The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and functioning effectively; staying current with government regulations and commercial agreements governing the use of data.
- Collaborate closely with leaders in each business unit to understand what customers they serve and in which markets those customers exist in, how data that they process and retain is categorized, what business processes make use of the data and why, and how the controls provide proper security and compliance. Be a representative for our customers, making sure that customer data is safeguarded and used ethically and responsibly.
- Organize and lead Risk/Privacy/Compliance training programs across departments, in order to educate and inform employees about our practices and standards, raise the level of cooperation and help people to understand the rationale for the rules.
- Manage internal and external audit and testing programs, reporting risks and areas that need correction to the senior management team and prioritizing compliance work.
- Reviewing and responding to security questionnaires and contract questions from customers on Canonical’s information security policies and practices.
Required skills and experience:
- You are familiar with contractual compliance obligations, contractual security, privacy and completing security questionnaires and reviews.
- Experience defining and implementing appropriate methodologies for penetration testing, auditing, secure coding standards, incident response playbooks, forensic analysis procedures, takedown processes/law enforcement/censorship.
- You can speak intelligently about situational awareness, change management, access control, and incident response.
- You have demonstrated ability to communicate complex or detailed technical topics to a non-technical business audience, clearly conveying risk assessments, actions needed, and cost implications.
- You have a general understanding of privacy and compliance legislation in the UK and Europe, including the GDPR.
- Experience in working with legal, audit, and compliance staff.
- Experience in developing and maintaining policies, procedures, standards, and guidelines.
- Experience in driving risk-based decisions supporting business owner expectations and needs.
- Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g. ISO 2700x, PCI-DSS, NIST.
- Strong technical or engineering background, including but not limited to software development, scripting, networking, and cloud architecture.
- Bachelor’s degree (or equivalent) in Computer Science, Information Systems, or related field.
Apply for this Position
If you can see yourself in this remote role and feel you can add to the ongoing success of In Marketing We Trust, then apply via https://www.canonical.com/careers
You may also be interested in these jobs below