IT GRC Security Trainee, Global I&O

Date: Jan 31, 2024

Location: MADRID, ES, 28037

Company: HOLCIM Group

SUMMARY OF THE JOB

The IT Security Trainee for Global Infrastructure & Operations (GIO) will support the GIO Security team in ensuring information security and compliance within the GIO scope, in line with the company’s security strategies, so that IT services and functions meet all mandated security standards & policies and security risks are effectively assessed & controlled.

 

MAIN ACTIVITIES / RESPONSIBILITIES

  • Supporting IT compliance across the GIO scope, including the implementation of:
    • Information security standards and procedures
    • Information security regulatory compliance requirements
    • Certification standards and requirements
  • Conducting the yearly testing of IT controls within GIO, such as Holcim’s Minimum Control Standards (MCS) defined by Group Internal Control.
  • Coordinating regular internal and external audits within the GIO scope, supporting communication, documentation, evidence collection and follow-up on the resolution of audit findings.

 

JOB DIMENSIONS

Key figures: 
Global reach across 70 countries and 70,000 employees.
Key interfaces, stakeholders and relationships:
Internal: IT Service Centers, Global Infrastructure and Operations, Group Internal Control, Group Internal Audit, Project Managers and Steering Committees.
External: Consulting Companies, Service Providers, External Auditors.

 

PROFILE REQUIRED

 

Level of education/qualifications normally required:

  • Graduate degree in Computer Science Engineering or related discipline with an IT focus.
  • Security Certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI) would be an asset.

Technical / functional skills: 

  • Understanding of IT processes and layers, especially related to IT infrastructure & operations, as well as network security, both on premises and in the cloud (IaaS/SaaS/PaaS).
  • Knowledge of Information Security and Compliance standards would be a plus (e.g. ISO 27001/2, GDPR, NIST, HIPAA, SWIFT, PCI DSS, etc.).
  • Experience in IT risk and compliance related activities would be a plus.

Behavioral competencies:

  • Keen attention to detail.
  • Strong customer / end-user / client service orientation.
  • Highly self-motivated and directed.
  • Capability for problem solving, decision making, sound judgment, assertiveness.
  • Ability to communicate openly and effectively with many diverse constituencies and stakeholders.
  • Cultural sensitivity and social flexibility in a global corporate environment.

Linguistic skills: 

  • Excellent English (written & spoken) - other languages are a plus.