Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives
Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies
Support the Global Risk & Resilience Lead in the development and maintenance of IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions
Provide support in DR-related incident response activities, including investigating IT security incidents, breaches, and disruptions
Identify and document risk deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans to address identified issues
Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders on the status of risk, compliance, and control activities
Assist in the development and maintenance of risk management, compliance, and control-related policies, procedures, and guidelines. Ensure alignment with regulatory requirements and industry best practices, working with the Global IS Governance Lead
Assist in assessing and managing risks associated with third-party vendors and service providers. Evaluate vendor controls and adherence to contractual obligations
Identify opportunities for enhancing risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation's risk and control environment
Contribute to project activities as required to ensure GRC requirements are understood and addressed
Requirements
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk-related concepts to technical and non-technical audiences
Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes
CISA, CISM or equivalent preferred
BSc or equivalent qualification in an IT-based degree preferred
3+ years relevant IT work experience
Proven ability to communicate with technical teams to elicit information and requirements
Understanding of regulatory requirements, including cross-industry regulations (e.g., GDPR, Data Protection Act) and industry-specific regulations
Skilled in implementing compliance and control frameworks
Proficient in IT governance and quality standards
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including NIST SP 800-53 and the NIST Cybersecurity Framework
Excellent stakeholder management skills
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
Knowledge of OneTrust risk management toolset or similar preferred
Tech Stack
Cyber Security
Benefits
Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can.
A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.