Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within a BFSI context.
Responsibilities
Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
Maintain policy frameworks, standards, guidelines, and procedures.
Ensure timely closure of information security findings across the business.
Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
Own and evolve Cellulant’s Business Continuity Management System (BCMS).
Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
Support implementation of privacy-by-design and privacy-by-default controls.
Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
Design and promote security and privacy awareness programs.
Requirements
5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles
Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations
Hands-on Business Continuity Management experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises
Deep familiarity with frameworks and standards such as ISO 27001/27002, NIST CSF, PCI DSS, SOC 2, and ISO 22301
GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws
Strong understanding of cloud security principles (AWS)
Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables
Experience working cross-functionally with technical and non-technical teams.
One or more of the following (or equivalent):
Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
Risk & Compliance: CRISC, CGEIT
Benefits
Generous personal time off
Medical and life insurance benefits (markets permitting)
Job title
Senior Specialist, Information Security Governance, Risk & Compliance
Cyber Security Intern contributing to security initiatives and real projects at Luminor Group in Estonia. Opportunity to learn and grow within a dynamic banking environment supporting Pan-Baltic operations.
Cyber Security Intern contributing to real projects in a dynamic banking environment at Luminor. Collaborating with teams and gaining hands-on experience in cyber security.
Cyber Security Intern contributing to real projects in a dynamic banking environment with Luminor. Collaborating with interns and building practical skills through meaningful work.
Cybersecurity Engineer performing risk assessment and defining mitigation strategies for railway sub-systems. Collaborating with engineers to ensure secure architecture and compliance with European standards.
Senior Information Security Engineer responsible for evolving data security practices at Mastercard. Focused on data classification, loss prevention and regulatory compliance in a dynamic environment.
Lead Information Security Engineer at Mastercard advancing data security capabilities and participating in compliance initiatives. Collaborating with cross-functional teams to ensure effective data management and protection.
Cyber Security Consultant identifying vulnerabilities and providing solutions at PwC. Focusing on comprehensive security measures across various domains while learning and growing in a fast-paced environment.
Senior Information Security Advisor ensuring business priorities align with information security requirements and fostering a strong security culture. Strategic partner supporting executives in informed decision-making.
Security Dispatcher ensuring the safety, security, and welfare at Children's Healthcare of Atlanta. Engaging in emergency communications, coordinating security personnel, and monitoring alarms.
Cybersecurity Manager leading compliance and operational security for classified information systems at Boeing. Overseeing analysis, risk management, and security policy enforcement.