T&DS - GRC Senior Specialist

Mazars

Levallois-Perret

On-site

EUR 50 000 - 70 000

Full-time

30+ days ago

Job summary

An audit and advisory firm is seeking a GRC Senior Specialist to lead project lifecycle management and improve the information security management system. The ideal candidate will have at least 6 years of experience in information security, with expertise in risk management. Working in a hybrid model, the candidate must be ISO 27001 certified and have excellent communication and organizational skills. Opportunities for advancement in a stimulating environment, with diverse projects.

Qualifications

  • 6-8 years of experience in information security.
  • Experience managing an ISMS based on ISO 27001.
  • Fluent in English.

Responsibilities

  • Conduct security assessments.
  • Implement risk management processes.
  • Prepare and lead committees on security/GRC topics.

Knowledge

Risk management
Interconnection and security
Security assessment
Communication skills
Team collaboration

Education

ISO 27001 certification
Professional security qualifications (CISSP/CISM)

Job description

Company Description

Forvis Mazars is a leader in audit, tax, and advisory services, operating worldwide across 100+ countries and territories. Join our 40,000+ strong team to grow your career through global opportunities, diverse projects, and continuous learning. Belong to a supportive environment where your unique perspective is valued and success comes from working together. Impact with your bold ideas and help drive us forward.

About Technology & Digital Solutions

The Technology & Digital Solutions (T&DS) team is leading Forvis Mazars' digital transformation. We aim to provide professionals with a seamless digital experience, enabling greater collaboration worldwide in a secure environment. This empowers them to deliver more value to clients daily.

To achieve these goals, the T&DS transformation program consolidates IT operations from a multi-local model across 100+ countries into a global model, including infrastructure and operating models to support the business, people, and clients now and in the future.

This is a pivotal moment to join the T&DS organization and be part of delivering this major transformation in the coming years!

Job Description

The GRC Senior Specialist plays a key role in the project and application lifecycle management. They will conduct security assessments and assist in the continuous improvement of the Information Security Management System (ISMS).

The GRC Senior Specialist will be responsible for:

  • Review all policies, procedures, and other core framework documents.
  • Ensure compliance with global policies and maintain the resilience of global services.
  • Help the leadership team define information system security objectives and priorities to keep the business safe.
  • Work with the global security steering committee to develop, formalize, and communicate global policies, guidelines, and methodologies to achieve objectives.
  • Assess global cybersecurity risks by consolidating country risks and updating them in line with security objectives and policies.
  • Manage the risk management program by reviewing all existing asset and risk registers.
  • Support continuous improvements of the ISMS by designing and implementing effective metrics.
  • Keep the ISMS portal and documentation up to date.

The GRC Senior Specialist will report to the Head of GRC on the achievement of security objectives and will communicate regularly about the overall security level and progress of major projects.

Key Responsibilities

  • Prepare and lead committees on security/GRC topics.
  • Define/update ISMS policies.
  • Control and monitor policies with relevant KPIs.
  • Implement risk management processes.
  • Conduct security assessments.

Qualifications

  • 6-8 years of experience in information security, with a minimum of 3 years managing an ISMS based on ISO 27001.
  • Must be a certified lead implementer or lead auditor on ISO 27001:2013 or 2022.
  • Professional security qualifications such as CISSP and/or CISM are preferred.
  • Knowledge of other frameworks (ISO 27005) and System and Organization Controls (SOC2) reporting.
  • Experience with cybersecurity and cloud security standards, architecture, and design.
  • Excellent interpersonal and communication skills.
  • Fluent in English; other spoken languages are a plus.
  • Collaborative mindset and team-oriented approach.
  • Ability to influence and impact decisions and stakeholders.
  • Excellent organizational skills, capable of multitasking within a global team.
  • Methodical approach, attention to detail, and commitment to high-quality results.

Additional Information

Hybrid work model: 50% remote work.
