
Head of Information Security and Compliance

Job Title: Head of Information Security and Compliance
Contract Type: Permanent
Location: Reading
Industry:
Salary: Negotiable
Start Date: ASAP
REF: JBM/P/ISC/1_1673441875
Contact Name: Jessie Marsh
Contact Email: Jessie.Marsh@projectpeople.com
Job Published: over 1 year ago

Job Description

Head of Information Security Governance Risk & Compliance

Job Purpose

  • Lead for the Security Director on all things relating to Governance, Risk and Compliance across the company.
  • Maintaining all policies regarding IT Governance and Compliance, aligned to ISO27000, so that they are both current and applicable to the company technology 'stack' and to the entire organisation.
  • Managing the Information Security Risks and Audit findings across the company, including managing the Risk & Audit process flow from identification, to application to the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
  • Accountable for the development of plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls.
  • Accountable within Technology and Operations for the independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements.

Knowledge & experience

10+ years' experience working in a Senior Position, with expert-level knowledge of PCI DSS, ISO27001 and IT Security Risk Management tools.

Essential:

One of:

CISSP

CISM

CISA

Degree in Information Security

Key deliverables for the role

  • Provide end-to-end engagement on a wide range of technology risks, ensuring that all the risks are identified, documented, ranked and tracked within the appropriate department.
  • Engage with Senior Members of the technical team to review and document all the risks under their function, from identification to mitigation, through to either the end of the risk or acceptance/lowering of the risk.
  • Besides engagement at a Senior level, assist in building a Technology Risk culture within the company, developing the skills within the various departments to make risk second nature.
  • Reviewing, digesting and applying knowledge of the working world of Information Security and its applicability to the company regarding risk-exposed areas.
  • Managing the refresh of all of the Information Security Governance and Compliance related policies and documentation for all of Technology.
  • Managing the Technology Risks and Audit findings across the company, including managing the Technology Risk & Audit process flow from identification, to application to the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
  • Reporting both up and down the various business departments about any and all risks that pertain to Information Security Technology and the impact of carrying risks without mitigation.
  • Managing all Third Party Supplier assessments for both new and current business relationships the company has with its various suppliers. These assessments focus on how safely and securely a supplier handles its security practices, along with how it handles our data within its environment.

For more information, please contact jessie.marsh@projectpeople.com

Project People is acting as an Employment Agency in relation to this vacancy.