Security Governance & Risk Manager
Posted on Jun 11, 2019 by CV-Library
The purpose of this role is to define the key business risks for the group in the cyber and information security space and with colleagues ensure those risks are managed.
- Managing a small team of information security consultants to deliver effective cyber security governance, risk management and compliance activities.
- Managing the cyber security risk management strategy, framework and approach.
- Integrating cyber security risk reporting and aggregate reporting into an Enterprise risk framework as it develops within the Group.
- In conjunction with Legal, you will identify information management and protection laws and regulations and define actions to ensure compliance.
- In conjunction with the Information Security team, Business Partners and IT service delivery you will develop strategies and action plans to drive controls improvement in areas where controls do not adequately provide compliance or manage risk.
- Coordinating and tracking all security-related audits, including the scope of audits, business units involved, timelines, and outcomes.
- Liaising with Internal/External Audit partners, maintaining excellent relationships and providing transparency.
- Leading the development and implementation of effective and pragmatic policies, standards and processes to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
- Partnering with HR to define and ensure that education and training plans are implemented to ensure that staff and, where needed, supplier staff are informed and able to make the right decisions when dealing with sensitive data or potential cyber threats.
- Developing, documenting, and assessing appropriate measures and metrics.
- Managing and regularly delivering a risk report that summarises cyber and information security risks for senior management.
Qualifications & Experience:
- Proven track record of developing and delivering governance, risk and compliance or ISMS frameworks in fast-paced, complex environments.
- Experience delivering risk management frameworks, governance board presentations, enterprise security SOPs and policy, and the design and delivery of employee security awareness training.
- A clear ability to evaluate risks to the company and articulate issues simply and clearly, develop consensus, raise awareness, and recommend and help implement solutions.
- Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.
- Strong knowledge of cloud security requirements, such as the CSA or ENISA frameworks.
- Broad understanding of relevant legal, regulatory and privacy requirements.
- Passion for risk management and cyber security.
- Bachelor's degree in Computer Science / Engineering / Information Security preferred, or an equivalent combination of education and/or relevant experience.
- Experience with GRC/ERM tools (e.g. RSA Archer, MetricStream, SAP GRC, LogicManager).
- Experience working in an IT organization with global operations desirable.
- Experience working in a shared services IT model desirable.
- Accreditation should include CISSP, CRISC or similar.