Roles & Responsibility
Required
The principal responsibilities are:
• Input and support to the Information Security Management System (ISMS) / security team strategy.
• Support in the maintenance of any Security certifications, including ISO27001.
• Support the automation of key Security GRC workstreams / implementation of GRC Software and future maintenance and expansion of the software.
• SME on all applicable security legislation and regulatory requirements.
• Facilitation of the security Framework and Governance meetings, up to and including Senior Exec and Board level.
• Drafting and regular updates of the Security documentation set: Security Policies, Standards, Requirements and Guidelines.
• Compilation, delivery and the management of security KPIs, Metrics and other Security GRC reporting.
• Support to the ISO27001 Implementation Programme and then ongoing maintenance of the certification.
• Other Security GRC tasks as directed by security management.
Requirements
• Experience of the implementation and maintenance of Security GRC Software.
• Educated to degree level or holding a professional qualification (e.g. CISSP, CISM, Auditor/Implementer for ISO 27001 or equivalent)
• ISO27001 implementation and maintenance experience.
• Proven experience of undertaking Security Governance, Risk and Compliance work.
• Experience in two or more of the following areas: risk management, vendor security, security policies, Security governance, assurance or audit.
• 3 – 5 years of experience in an information security role in a large commercial organisation.
• Experience of a large, complex, global matrix organisation.
• Although not a highly technical role, strong general awareness and knowledge of key cyber security and security architecture technical measures and best practice is required.
• Desirable: Knowledge or experience of the telecoms industry.
• Desirable: Knowledge of cloud security and governance.
Any Graduate