Forvis Mazars is a leader in audit, tax and advisory services, operating worldwide across 100+ countries and territories. Join our 40,000+ strong team to grow your career through global opportunities, diverse projects and continuous learning. Belong to a supportive environment where your unique perspective is valued and success comes from working together. Impact with your bold ideas and help drive us forward.
About Technology & digital solutions
Technology & digital solutions (T&DS) is leading Forvis Mazars' digital transformation. We aim to provide Forvis Mazars professionals with a seamless digital experience that allows greater collaboration worldwide in a safe environment. As a result, they'll be empowered to deliver more value to clients every day.
To reach these goals, the T&DS transformation programme aims to consolidate IT operations from a multi-local model spread across 100+ countries into a global model. This includes the infrastructure and the operating model needed to support the business, people and clients now and in the future.
The success of this change relies on the great expertise and relentless engagement of every member of the team. This is a great moment to join the Technology & digital solutions organisation and be part of the delivery of this major transformation over the coming years!
Job Description
The GRC Senior Specialist plays a key role in project and application lifecycle management. S/he will conduct security assessments and assist in the continuous improvement of the Information Security Management System (ISMS).
The GRC Senior Specialist will:
- Review all policies, procedures and other core framework documents.
- Ensure compliance with the global policies and maintain the resilience of the global services.
- Help the leadership team define information systems security objectives and priorities to keep business safe.
- Work with the global security steering committee to develop, formalise and communicate global policies, guidelines and methodologies to achieve objectives.
- Assess the global cybersecurity risks by consolidating country risks, and update them in line with security objectives and policies.
- Manage the risk management programme by reviewing all existing asset registers and risk registers.
- Support continuous improvements of the ISMS by designing and implementing effective metrics.
- Keep the ISMS portal and documentation up to date.
The GRC Senior Specialist will report to the Head of GRC on the achievement of security objectives, and will communicate regularly on the overall level of security, as well as on the progress of major projects.
Key responsibilities
- Prepare and lead committees around security / GRC topics
- Define / update ISMS policies
- Control and monitor policies with relevant KPIs
- Implement risk management
- Conduct security assessments
Qualifications
- 6-8 years' experience in information security, of which a minimum of 3 years of business experience in running an ISMS based on ISO27001.
- Must be a certified lead implementer or a certified lead auditor on ISO27001:2013 or 2022.
- Professional security qualifications such as CISSP and/or CISM preferred.
- Knowledge of other frameworks (ISO 27005) and System and Organization Controls (SOC2) reporting.
- Cyber and cloud security standard frameworks, architecture & design.
- Excellent interpersonal and communication skills.
- Fluent in English; other spoken languages are a plus.
- Collaborative mindset and teamwork.
- Influence and ability to impact decisions and stakeholders.
- Excellent organisational skills, ability to multitask and work within a global team.
- Methodical approach to work, attention to detail and delivery of high-quality results.
Additional Information
Hybrid work 50%