Senior GRC specialist Porto

Senior GRC specialist
Porto
Porto, Porto District, Portugal

Title: Client Trust Manager, Kantar IT Services

We’re the world’s leading data, insights, and consulting company; we shape the brands of tomorrow by better understanding people everywhere.

Kantar is undergoing the largest Tech transformation our $7. 5bn business has seen, allowing us to become a leading global Data / Analytics powerhouse, suppling giants such as Google and Unilever with innovative insights into the behaviour of their customers.

Since being acquired by Bain Capital in December 2019 we have been mapping out how to realise this vision, by expanding, upgrading, and evolving our Tech Platforms and Infrastructure. We are Cloud Native (Azure) and are modernising and integrating all our tech stacks to allow us to provide a swifter and more automated response to our client’s needs.

For this we need some of the best minds in Tech and Dev
Ops to help us solve problems for the long term, with the freedom to take measured risk with innovative solutions. From the top down, our global tech community is truly collaborative and supportive, with excellent training resources to ensure you are coached and guided to improve your skills, so you continue to grow as we do.

The Client Trust Manager is responsible for responding to client security questionnaires and queries, and works closely with the peer group members within and outside the cyber function.

This is a dynamic role, and the candidate must understand the business and the applications in scope in detail. The role will report to the Director of Client Trust and will be a key member of the Global Technology team

Key Responsibilities

The candidate will cover all aspects of information security and IT risk for the client. They will support the businesses as below:

• Own all assurance for clients security assurance reviews to ensure consistent and
  - quality implementation that meets the needs and strategy of the business
• Build strong relationship with key stakeholders(primarily North America, but also with involvement with all other markets), leading to a trusted partnership where they are the main point of contact for that region’s activities
• Provide security consultancy and advice, and interpretation of standards and policies as needed to deliver positive results for clients
• Review of security contractual terms to ensure the best outcome is achieved for the business, and any risks are clearly documented and managed
• Be the connector of the central security services to the central Client Trust team and continue to evolve the team’s understanding as the function continues to mature
• End-to-end management of findings and actions (from assurance, to documentation, escalation, remediation or exception) and report regularly to senior management through the team’s central governance processes
• Align with other assurance activities alongside colleagues in Technology, Privacy, Legal, Procurement, etc
• Be prepared to support the business across multiple regions when required
• Work with the team to contribute towards new & improved ways of working

Knowledge needed

• Cyber Security generalist – having a wide understanding of cyber controls, frameworks, best practice and compensating controls is essential for this role. (ISO27001, NIST, CIS, SOC etc)
• Understanding and experience with data privacy legislation (GDPR, CCPA, PIPL etc)
• Experience in completing assurance activities, either internally or on external/supply chain (such as suppliers or clients)
• Influencing – Gravitas and confidence to drive change. Excellent communication skills, including the ability to explain complex tech issues in simple terms
• Autonomy – deal with broad set of activities across a varied stakeholder group and manage their work in an ambiguous environment
• Ownership – taking ownership of key tasks and working through to completion
• Must have experience/track record of applying information security and IT risk knowledge and processes to
  - world business problems in complex, global organisations with formal risk treatment processes in place
• Risk management – able to apply risk management practices to varied scenarios and ensure identified issues are properly managed
• Supplier risk management - must be able to demonstrate a clear understanding of assessing suppliers. Will be expected to work closely with the Supplier Risk Management team