Senior Consultant Job

Job Description

OVERVIEW

Job Title

Senior Consultant

Job Code

Grade

Direct Reporting Relationships

Division

Department

Section

Unit

ROLE PURPOSE

The aim is to state the overall significance of the job from the organization’s perspective.

The role holder is responsible for assessing and documenting Elm’s compliance and risk posture as they relate to the information assets. The role holder is also responsible for providing highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines

KEY ACCOUNTABILITIES & ACTIVITIES

This section describes the principal outputs required from the job.

Key Accountabilities

Key Activities

1. Daily Operations

• Implement the day-to-day operations assigned for the Corporate Cyber Security Management Department / Section to ensure compliance with the established standards and procedures.
• Identify opportunities for continuous improvement of systems, processes and practices taking into account ‘international best practice’, improvement of business processes, cost reduction and productivity improvement.
• Prepare reports of Corporate Cybersecurity Governance department timely and accurately to meet company and department requirements, policies, and standards

2. Daily GRC Activities

• Responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Liaise with Internal Audit, Corporate Compliance and Risk Management to remediate new and outstanding issues, track security related issues in the Cyber Security Department.
• Oversee Elm’s security policies, standards, guidelines, and baselines.  Ensure policies are reviewed and updated regularly.
• Promote and monitor ELM’s wide Security awareness program.
• Work with Internal Audit, and outside consultants as appropriate on required security assessments and audits

3. Cyber Security GRC Management 

• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Manage, coach, lead and develop a small staff of GRC personnel.
• Maintain expertise on security trends through training, research, and development in order to mitigate potential security exposures.
• Train other staff and external clients as necessary.

4. Cyber Security GRC Strategy & Planning

• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ISO2700x
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes.
• Develop, promote, and monitor Elm Electronic Records Retention program. Work with business units to ensure data is properly classified.

5. Policies, Processes & Procedures

• Implement approved departmental policies, processes, procedures and provide instructions to subordinates/team members and monitor their adherence so that work is carried out in a controlled manner.
• Comply with all relevant safety, quality and environmental management policies, procedures, and controls to ensure a healthy and safe work environment

6. Information Security

• Ensure the compliance with all relevant information security practices and standards to ensure data integrity and confidentiality