Governance, Risk

**Description**:
**_OmniAccess is hiring_** We are in search of a Governance, Risk & Compliance Consultant

**Description**

The GRC (Governance, Risk & Compliance) consultant is a security professional who provides guidance and leadership to OmniAccess security and compliance solutions and services. You will coordinate the implementation, development, maintenance and evolution of the compliance-related services. You will collaborate closely with Devel, Infrastructure and Operations teams by providing compliance end-to-end security advice.

**Responsibilities**:

- Work and implement IMO Security framework for our customers.
- Carry out professional services (risk assessments, certifications)
- Be part of the maintenance of the ISMS certification process for Cyber Security services (ISO 27001, etc) and OmniAccess as a company.
- Identify and manage the actions required to ensure compliance to the required governance standards.
- Create and maintain policies within our Information Security Management System, to support business requirements and align with ISO 27001.
- Maintain a register of security controls, to identify compliance against security standards, including ISO 27001, NIST, COBIT etc.
- Develop and enhance security policies, processes, procedures, and technical controls to strengthen Omniaccess’ security capabilities and resilience to cyber threats.
- Participate in Omniaccess Risk Management process and audit activities.
- Collaborate with other Cyber Security services to achieve a holistic service portfolio.
- Assist with security incident management and response activities.
- Arranges compliance training for staff.
- Travel needs: Up to 15%

**Requirements**:
**Knowledge and skills**
- Have at least 3 years hands-on working experience in a similar role.
- CISA, ISO 27001 Lead Auditor, Lead Implementer, CDPSE.
- Excellent working knowledge of security and governance, risk, and compliance within an enterprise environment.
- Hands-on experience of enterprise information security and standards for example: ISO 27001, 27002, ENS, GDPR or Cyber Essentials.
- An ability to communicate complex risks to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Able to quickly build positive relationships and collaborate across technology teams, with the wider business and partners and develop a good understanding of their strategy and key business drivers.
- Experience of formal document creation, such as the creation of reports or procedures.
- Experience of carrying out risk reviews, technology audits or other similar work.
- Excellent written and spoken English communications.

**Desired attitudes**
- Always strive for quality and extraordinary results.
- Excellent communicator able to transmit and excite others.
- Be a positive person, able to work with others achieving a common goal.
- Organized and disciplined, able to work with complexity and uncertainty.
- Willing to add her/his views and ideas inside a diverse group that wants always to improve.
- Feeling accountable for the work and the results done by you and your teams being able to take responsibilities in other areas further to her/his own one.
- Take care of others as part of the overall OmniAccess team.

**Benefits and Perks**:

- Breakfast, high-quality daily lunch at a very low cost, fruit and snacks all day long.
- Every Thursday you will have a free lunch with your colleagues.
- Gym and game room at your disposal.
- Working in a hyper-growth environment, you will enjoy numerous learning and career development opportunities.
- A professional working environment with motivated Engineers coming from all different horizons and countries with a common passion for telecommunications.
- Private health insurance
- Continuous training and possibilities for further growth as the company expands.
- Be part of an international team from different backgrounds that appreciates diversity and is based in a Technology Business Park in Palma de Mallorca.