Security Governance & Risk Manager

Posted on Jun 11, 2019 by CV-Library

Reading, Berkshire, United Kingdom
Wholesale Trade
Immediate Start
£70k - £90k Annual
Full-Time

The purpose of this role is to define the key business risks for the group in the cyber and information security space and with colleagues ensure those risks are managed.

Key Accountabilities:

- Managing a small team of information security consultants to deliver effective cyber security governance, risk management and compliance activities.

- Managing the cyber security risk management strategy, framework and approach.

- Integrating cyber security risk reporting and aggregate reporting into an Enterprise risk framework as it develops within the Group.

- In conjunction with Legal, you will identify information management and protection laws and regulations and define actions to ensure compliance.

- In conjunction with the Information Security team, Business Partners and IT service delivery you will develop strategies and action plans to drive controls improvement in areas where controls do not adequately provide compliance or manage risk.

- Coordinating and tracking all security-related audits, including the scope of audits, business units involved, timelines, and outcomes.

- Liaising with Internal/External Audit partners, maintaining excellent relationships and providing transparency.

- Leading the development and implementation of effective and pragmatic policies, standards and processes to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.

- Partnering with HR to define and ensure that education and training plans are implemented to ensure that staff and, where needed, supplier staff are informed and able to make the right decisions when dealing with sensitive data or potential cyber threats.

- Developing, documenting, and assessing appropriate measures and metrics.

- Managing and regularly delivering a risk report that summarises cyber and information security risks for senior management.

Qualifications & Experience:

- Proven track record of developing and delivering governance, risk and compliance or ISMS frameworks in fast-paced, complex environments.

- Delivering risk management frameworks, governance board presentations, enterprise security SOPs and policy, and the design and delivery of employee security awareness training.

- A clear ability to evaluate risks to the company and articulate issues simply and clearly, develop consensus, raise awareness, and recommend and help implement solutions.

- Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.

- Strong knowledge of cloud security requirements, such as the CSA or ENISA frameworks.

- Broad understanding of relevant legal, regulatory and privacy requirements.

- Passion for risk management and cyber security.

Desirable Experience:

- Bachelor's degree in Computer Science / Engineering / Information Security preferred, or an equivalent combination of education and/or relevant experience.

- Experience with GRC/ERM tools (e.g. RSA Archer, MetricStream, SAP GRC, LogicManager).

- Experience working in an IT organization with global operations desirable.

- Experience working in a shared services IT model desirable.

- Accreditation should include CISSP, CRISC or similar.

Reference: 210204333
