Support internal and external partners on matters of risk assessments, security controls, and framework requirements.
Help build and maintain an effective third party risk assessment program
Perform supplier risk assessments, contract reviews, respond to customer security questionnaires and establish that Arm security and compliance requirements are understood
Develop tactical and trusted relationships with business partners and vendors
Support continuous improvement of the Technology Risk program as it evolves to meet changing organizational and regulatory needs
Develop Standard Operating Procedures (SOP) to document procedures for risk assessments, third party assessments, and business process workflows for Security Governance, Risk, and Compliance
Document recommendations and the implementation of corrective action plans to remediate identified deficiencies; monitor the progress of plans for on-time completion
Continuously improve existing and future processes
Be responsible for handling and maintaining service level agreements for requests and issues raised via ServiceNow and Jira
Required Skills and Experience:
Experience in conducting internal security assessments and reviews
Experience in articulating and documenting information security risks
Demonstrable experience in developing and optimizing customer due diligence processes (RFPs, CAIQ and BITS SIG questionnaires, etc.)
Candidates must have the expertise to understand Arm’s technical and business environment, and strong familiarity with security standards and audit requirements, including NIST CSF, NIST SP 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports
A driven demeanour will thrive at Arm; a proactive mentality is a must
Execution oriented, with the ability to manage multiple projects simultaneously and a focus on outcomes that drive impact
Interpersonal skills are required to interact effectively with the Enterprise Security group, customers and vendors at a tactical level
“Nice To Have” Experience and Skills:
Experience working in a security role focussed on technical controls, services and procedures
Experience with EU regulations and EU data privacy is a definite plus
Security qualifications (e.g., CISSP, CISM) are beneficial but not crucial
Good familiarity with the wider Enterprise Security organisation (able to identify which team fulfils which roles) and a solid understanding of ITIL processes
Awareness of project management techniques, while having the ability to handle and chair meetings when required
In Return:
We are proud to have a set of behaviors that reflect our culture and guide our decisions, defining how we work together. These behaviors are assessed as part of the hiring process: