SoftServe 0 — Без опыта EN Не обязательный Львов
  • Information Security
  • Analyst

О работе


SoftServe is seeking governance, risk, and compliance (GRC) specialist to work in a team environment to lead security governance processes within different departments and to review and develop information privacy policies, standards, procedures, and processes according to industry best practices and frameworks such as PIMS.

Work is related to metrics that indicate the health of data protection compliance in SoftServe and analyzing incident trends. This also involves the creation and maintenance of data protection training materials.


  • Capable of working on multiple projects
  • Having knowledge of threat modeling or other risk identification techniques, system security vulnerabilities, and remediation techniques
  • Able to lead meetings, record meeting minutes, and document decision outcomes
  • Experienced in process development, analysis, implementation, and continuous improvement methodologies preferred
  • An owner of excellent analytic skills
  • Able to describe processes and create technical documentation
  • Detail-oriented with strong organizational and prioritization skills
  • Showing strong communication and written skills
  • Demonstrating Intermediate+ English level (both speaking and writing)
  • Familiar with certifications and best practice frameworks such as ISO27001, ISO9001, SOC2, ITIL, or similar, so as risk assessment techniques
  • Possessing knowledge of data protection regulation (GDPR)



  • Identifying and document applicable privacy requirements and provide consultancy for its implementation.
  • Drafting, developing, and reviewing information privacy policies, standards, procedures, and processes according to industry best practices and frameworks such as PIMS
  • Establishing and supporting GRC related processes within different departments

Risk Management

  • Assisting with information security and privacy risk management efforts
  • Helping with third party security and risk management including ongoing monitoring for risk and due diligence
  • Identifying data protection risk triggers within the information privacy project process and where IT departments interface with other parts of the SoftServe business through various processes


  • Monitoring threat landscape and implemented controls
  • Facilitating internal and external audits (regulatory, standard, contractual), organize meetings, and prepare all necessary input information
  • Assessing processes, systems, and audit preparations
  • Controlling adherence to corporate policies and documented internally

Other activities (including change management)

  • Managing HR PD Management SharePoint site
  • Developing and delivering day-to-day data protection training materials for use by IT Departments and other stakeholders
  • Performing asset, information, and data identification and classification
  • Data privacy incident supporting
  • Supporting the effective capture of metrics that indicate the health of data protection compliance in SoftServe
  • Maintaining the analysis and reporting of data protection related incident trends using metrics


  • Enjoy the ability to offer and implement your own solutions
  • Participate in international project activities
  • Enable the possibility to work remotely
  • Have access to robust educational and mentorship programs
  • Share with you a package of benefits: medical insurance, additional paid vacation, anniversary gifts, and foreign language classes

Убрать рекламу других компаний и рекламировать свою.
Узнайте больше