You will be responsible for risk and security governance within IT. You will drive the adoption of risk management processes and encourage teams to raise and mitigate risks. You will communicate effectively with a broad range of individuals, from technical subject matter experts to discover and understand risks and mitigations; business stakeholders to understand risk impacts; senior stakeholders to communicate progress on risk management. You will be responsible for embedding information security standards within the business' IT function.
This will involve:
- Robust application of governance processes so that security and risk are managed correctly.
- Extensive consultation with technical and business teams to understand and communicate risks and business impact.
- Supporting the process of documenting and classifying risks, impacts and requirements in a meaningful way.
- Definition, agreement, tracking and reporting of risk and security-related metrics to ensure continuous improvement.
- Encouraging the raising of risks and increasing the adoption of risk management processes.
- Maintaining a consistent architectural risk register across the Governance lifecycle, ensuring that risks are effectively mitigated against.
- Keeping abreast of information security standards, best practice and trends in the wider market.
- Maintaining, refreshing, and consistently applying security and risk policies.
- Maintaining architectural standards, principles, and blueprints to ensure that they articulate security and risk requirements.
- Ability to communicate with both technical and non-technical colleagues easily and effectively.
- Ability to rapidly build relationships and credibility with wide range of people across the organisation.
- Broad knowledge of current risk management and information security practices and their appropriate application.
- Experience of information security and governance methodologies.
- Good level of attention to detail.
- Extensive stakeholder management, negotiation, and influencing skills.
- Experience of large, complex corporate IT environments.
Nice to Have:
- Enterprise architecture and embedding security within this.
- CCP S & IRA / CCISP / CISSP, ISO27001 exposure.
- Telecommunications industry experience.
- TM Forum.
Project People is acting as an Employment Business in relation to this vacancy.