The IS Risk and Consulting team assists the Head of Information Risk, Consulting & Compliance in advising top management and may have direct interaction with C-level executives down to individual projects on security matters. The primary role of the function will be to assist in major decisions that could have a reputational and financial impact on ABB, and to ensure that best practices and the security posture of ABB are maintained through engagement with business and IS teams.

Promote and drive the risk-based approach in the service delivery lifecycle by performing risk assessments of applications, services and solutions. Maintain the security posture of ABB through consulting and advisory input to IT teams and business initiatives, promoting compliance with security policies, standards and best practices.
• Be the trusted senior advisor on IS topics to company IS and business community.
• Proactively engage with stakeholders from business in a dialog on InfoSec risk topics.
• Support project-based activities by providing advisory, consultancy and guidance.
• Perform analysis identifying security requirements for specific business initiatives.
• Perform InfoSec risk assessments in compliance with ISMS guidelines and IRM framework.
• Review architectural designs, evaluate the adequacy of security controls, identify and provide recommendations on any discovered shortcomings.
• Perform security control analysis, assess security controls adequacy and effectiveness.
• Deliver bespoke consultancy helping IS teams or management to solve IT security problems of various scope and complexity.
• Identify asset threats, vulnerabilities, associated risks and risk mitigation controls.
• Interview risk owners, process owners, project owners, and asset owners in pursuit of data and information risk.
• 5 years of experience in IT security, risk assessment and/or audit in a global organization.
• Familiar with a broad spectrum of IT Security technology and processes.
• Security consultancy or relevant work experience in a global organization.
• Familiar with techniques and tools for security investigation and controls testing.
• Experience translating assessment results based on SOX, SAS70, ISO27k and 31k family.
• Excellent written, verbal and presentation skills in English.
• Proven ability to provide knowledge transfer and leverage expert knowledge.
• Strong customer facing skills, ability to influence clients and teams.
• Global perspective and cultural awareness.
• Prepared to work in a complex, multicultural, and global team.
• Used to interacting with Senior Stakeholders.
• Experience in working in outsourced environments.
• Security Certifications (CISSP, CISM, CISA etc.) would be a plus.