Head of Information Security Governance Risk & Compliance

Job Title: Head of Information Security Governance Risk & Compliance
Contract Type: Permanent
Location: Reading, Berkshire
Industry:
Salary: Negotiable
REF: RC/P/Head of Securit_1673453720
Contact Name: Rohit Chavda
Contact Email: Rohit.Chavda@projectpeople.com
Job Published: 28 days ago

Job Description

Head of Information Security Governance Risk & Compliance

Permanent

Reading/Hybrid way of working

The role is subject to broad practices and procedures covered by functional precedents and policies and managerial direction. The role has the independence needed to achieve annual results in line with operating plans and policies.

  • Lead for the Security Director on all things relating to Governance, Risk and Compliance.
  • Ensuring that all policies regarding IT Governance and Compliance, aligned to ISO27000, are both current and applicable to the technology 'stack' and to the entire organisation.
  • Managing the Information Security Risks and Audit findings, including managing the Risk & Audit process flow from identification, to entry in the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
  • Accountable for the development of plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls.
  • Accountable within Technology and Operations for the independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements.

Skills Required:

10+ years' experience working in a senior position, with expert-level knowledge of PCI DSS, ISO27001 and IT Security Risk Management tools.

Essential: One of: CISSP, CISM, CISA, Degree in Information Security

Responsibilities:

  • Provide end-to-end engagement on a wide range of technology risks ensuring that all the risks are identified, documented, ranked and tracked within the appropriate department.
  • Engage with senior members of the technical team to review and document all the risks under their function, from identification through mitigation to either the end of the risk or the acceptance or lowering of the risk.
  • Besides engagement at a Senior level, also assisting in the building of a Technology Risk culture; developing the skills within the various departments to make risk second nature.
  • Reviewing, digesting and applying knowledge of the working world of Information Security and its applicability to areas of risk exposure.
  • Managing the refresh of all of the Information Security Governance and Compliance related policies and documentation for all of Technology.
  • Managing the Technology Risks and Audit findings, including managing the Technology Risk & Audit process flow from identification, to entry in the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
  • Reporting both up and down the various business departments about any and all risks that pertain to Information Security Technology and the impact of carrying risks without mitigation.
  • Managing all Third Party Supplier assessments for both new and current business relationships with the various suppliers. These assessments focus on how safely and securely a supplier handles its security practices, along with how it handles our data within its environment.

Project People is acting as an Employment Agency in relation to this vacancy.