ISO Assessment Director
Aristocrat
London NW1 2FD United Kingdom
26 days ago

Summary

Aristocrat is seeking an experienced and dynamic Director of ISO Assessment in the Cybersecurity Governance, Risk, and Compliance (GRC) team to lead our organization’s efforts in attaining and retaining ISO 27001 certification for business units that already have it and expanding certification activities to additional business units, emphasizing Digital Trust to our external customers. The successful candidate will possess a deep understanding of cybersecurity frameworks, risk management strategies, and regulatory requirements, especially ISO 27001, along with exceptional leadership and communication skills.

An ISO Assessment Director is a management role within the Cybersecurity GRC team supporting Aristocrat’s Global Information Security organization and cybersecurity objectives. This role will manage a team and interface directly with customers, internal/external stakeholders, as well as external auditor organizations. The ISO Assessment Director will apply best practices to support applicable regulatory, policy, standards, and legal requirements in preparation for, during, and after audit and assessment activities. This role will require a significant and seasoned understanding and background in external cybersecurity, IT audit practices and cybersecurity programs such as risk assessments, cybersecurity governance, and compliance activities. This Director role also requires management of resources, employees or contingent workers, to complete required work to retain and attain external audit certification. The ISO Assessment Director will gain an understanding of Aristocrat business units and their key assets and processes, unique business requirements, and apply that knowledge to address cybersecurity risks as part of audit and assessment activities. The ISO Assessment Director will also be responsible for responding to all external cybersecurity audit and assessment requests to attain and retain regulatory requirements.

What you'll do

- Manage team (employees and/or contingent workers) and direct work responsibilities for internal and external audit and assessment work.
- Manage current company external cybersecurity audit certifications including ISO 27001 (Roxor), ISO 27001 certification for NeoGames, and PCI DSS (Big Fish Games).
- Assist with setting and advancing the global cybersecurity strategic vision and strategy, and execution of all aspects of Aristocrat’s Global Information Security program through assessment and audit activities.
- Responsible for developing and implementing the strategy and roadmap for a comprehensive external audit program in response to the needs of the business, and aligning that roadmap with the larger GRC and GIS strategies and roadmap.
- Align and manage external audit certifications from any new acquisitions.
- Manage efforts to attain additional Cybersecurity external audit certifications for the company, including ISO 27001 for Aristocrat and other business units, SOC-2, and PCI DSS certifications.
- Pursue additional external cybersecurity audit certifications to encompass more business units (e.g., additional Anaxi groups, PxU, etc.) as well as new certifications such as SOC-2 for requesting business units (e.g., CXS, Gaming, etc.).
- Manage the tracking, handling, and closure of all requests from external auditors for cybersecurity related areas.
- Manage all external customer requests for audit and/or other security information.
- Track and close any findings, observations, or non-conformities associated with external cybersecurity audits, working with the appropriate business units.
- Validate that critical business best practices (e.g., business continuity, disaster recovery, awareness training, etc.) are in place with verifiable outcomes.
- Participate in and align with the IT Disaster Recovery global program.
- Ensure alignment with the Cybersecurity Policy program to stay current on required Policies, Standards, and Technical Security Requirements (TSR) for use in external audit certifications. This includes a feedback loop to the Policies program to identify and request required changes to documentation.
- Proactively identify cybersecurity deficiencies or opportunities for improvement to better enable security at Aristocrat.
- Create external audit and customer risk assessment metrics and feed into the overall Cybersecurity Metrics program, ensuring appropriate communication of external audit certification status.
- Ensure risk registers (Enterprise Risk and Cyber) for specific audit related risks and remediation actions are updated prior to external audits, filtering the risk register for audit purposes and providing only what is necessary for the audit or standard.
- Monitor industry information technology and security trends, threats, and changes to regulatory requirements to identify strategy-impacting effects to stakeholder operations and interests.

What we're looking for

- University / bachelor’s degree in information systems, Cybersecurity, Cybersecurity or IT Audit, or a related field.
- 10+ years of experience in the IT Audit or compliance field, and in cybersecurity governance and risk.
- Proficiency in building and maintaining an external audit program for a corporation.
- Experience leading a team of all levels of expertise, from senior to junior analysts.
- Demonstrated experience in leading a geographically dispersed team with global scope and remit.
- Willingness and ability to do hands-on management and response when needed, in addition to managing the team.
- Strong expertise with regulatory and cybersecurity industry standards and frameworks, including NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001 and PCI DSS.
- Security certification such as CISSP, CRISC, CISM, CISA or GIAC beneficial.
- Self-motivated and willing to take on challenges while adapting to an ever-changing cybersecurity environment.
- Exceptional analytical and critical thinking skills.
- Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Aristocrat, Inc., locally and globally.
- Effective communication skills, including the ability to gather relevant data and information, connect through listening, dialogue freely, and verbalize ideas effectively.
- Comfortable with interfacing with internal or external organizations.
- Proven presentation and facilitation skills.