Information Security GRC Lead

Up to £55,000 per year


£50,000 - 55,000

Travel: Variable as needed

Reporting to: Information Security Director

An exciting opportunity for an Information Security GRC Lead at a well-known international out-of-home advertising company.

This is a pivotal role supporting the security stream of our digital transformation. It is a fantastic opportunity for a driven and proactive individual, seeking the next step in their career, to become an information security expert who is capable of talking in 'business terms' to stakeholders across a wide range of seniority, many of whom will not have a strong grasp of the technical aspects of information security and risk management.

The Information Security Governance, Risk and Compliance (GRC) Lead is to be the company's subject matter expert for all matters relating to Information Security, and to provide a group-wide view on information security risks, mitigation plans and the management of Information Security and Compliance across the organisation. The role is responsible for creating new security processes and protocols, developing existing ones, and taking a 'hands on'

The successful candidate will be expected to take day-to-day ownership of and responsibility for managing the group's information security GRC operations globally.

The successful candidate needs to understand that information security is better managed proactively and in an agile manner, through detailed programmes and planning, not simply through 'fire-fighting' or a 'tick-box mentality' on an ad hoc basis.

Key Roles:

  • To support HoD in cyber security transformation within the company.
  • Support in establishing the group's governance and strategic oversight of information security at enterprise level.
  • Coordinate information security governance across the organization from a central Group function, providing subject matter expertise and expert advice to the business
  • To define, develop and manage all aspects of information security and to ensure all measures are taken to meet operational, contractual and legislative/regulatory compliance.
  • To support in creating, developing and maintaining corporate Information Security policies, standards and guidelines across the company.
  • Provide required support in making decisions regarding which assets to protect, by providing technical options as well as perceived asset value, threat probability and impact.
  • Provide expert security advice to projects from Initiation to acceptance into production throughout the organisation - act as gatekeeper to those projects to ensure continued compliance with industry best practice and all legal/regulatory bodies requirements.
  • Support the selection, design, justification, implementation and operation of Information Security controls and management strategies and ensure ongoing compliance with corporate due diligence.
  • Help in designing an agile security business practice to support business product development velocity in a DevOps model. Remove bottlenecks and reduce or eliminate inefficiencies to stimulate agility and responsiveness.
  • Work with HoD to enable security as a service for business units to easily consume effective and efficient enterprise security at technical and commercial level.
  • Coordinate to establish a lean security practice within the business, maximising efficiency and effectiveness by streamlining processes and removing bottlenecks. Support HoD in establishing security as a business enabler.
  • Take charge of third party security due diligence and risk management.
  • Lead the security Education and Awareness program across the group.
  • Raise awareness of the importance of Information Security and provide information that will help colleagues increase security and the protection of company data
  • Monitor and report on the effectiveness of Information Security arrangements
  • Support and influence the Technology, Products, HR and Legal departments on Information Security matters
  • Act as the focal point of contact for all internal and external audit compliance then own the implementation of any relevant remedial actions
  • Assist in establishing a pragmatic business Information Security Risk Framework.
  • Conduct and oversee security risk assessments for business applications and computer installations and provide authoritative advice and guidance on security strategies to manage the identified risk
  • Support management of the Information Security Risk Register.
  • Assist with incident management process and IS breach investigations.
  • Oversee and advise on Information Security compliance activities relating to regulatory requirements and industry standards (SOX, ISO27001, NIST CSF, Data Protection (GDPR)).

As a person:

Education and Qualifications

Essential requirements

  • Educated to degree level or equivalent - Information Security or related technology field

Desirable

  • Formal security qualification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISO27001 LA/LI or similar; FAIR, SOX, COBIT, RiskIT or similar knowledge or experience

Experience and Knowledge

Essential requirements

  • Information security management in a commercial environment, preferably within regulated industry
  • Strategy development and risk analysis
  • Policy development and implementation
  • Issue management and escalation
  • Relationship management
  • IT project delivery and methodologies - DevOps model/Agile methodology
  • Knowledge of information security standards and best practice
  • Knowledge of industry standard frameworks, ISO27001, ISO27005 and PCI DSS
  • Understanding of, and practical experience of applying the UK Data Protection Act, other related legislation, standards and codes of practice
  • Understanding of EU General Data Protection Legislation
  • Understanding of Sarbanes-Oxley (SOX) compliance activities or working in a regulated environment.
  • Management of third party assurance suppliers to support onsite assurance activities on supplier premises wherever they may be

Leadership and Management Skills

Essential requirements

  • Ability to lead outside authority
  • Strong verbal and written communication skills
  • Able to work on own initiative and look ahead to anticipate changing workloads
  • Awareness of targets and constraints
  • Ability to manage conflicting priorities
  • Ability to influence at senior levels on matters relating to security and information risk
  • Understanding of commercial / customer needs and ability to demonstrate that services are cost effective
  • Ability to see the big picture, analyse complex technical landscapes and evaluate technical solutions
  • Proven ability to produce high quality deliverables in terms of content and presentation
  • Proven ability to meet and exceed performance targets

Personal Attributes

Essential requirements

  • Fluent English (spoken and written)
  • A good mix of technical (technology and security) and non-technical information security skills and experience
  • A solid can-do attitude in issue troubleshooting under minimal supervision. This is a hands-on role: you are a doer, and you get stuff done
  • You are very commercially minded and like delivering against hard targets
  • You are well-versed in quantitative reporting and analytics, with a knack for numbers even if your role is not analytical.
  • You are an effective team player and know how to deliver through others, with ability to sell your ideas succinctly to any seniority
  • You have a sense of urgency and drive, whilst being adaptable to situations that require patience and dedication
  • You will not get overwhelmed by a busy environment and thrive under pressure and accountability
  • You are excited by the possibility of working in one of the world's leading advertising businesses, a place full of a diverse group of talents and perspectives. You have a strong desire to thrive in a fast-paced environment and bring innovation to drive risk reduction with optimised execution
  • Able to travel to international locations (not expected to exceed 10%, typically short (1-3 day) trips)

If this sounds like a good fit for you then apply now or get in touch with Right Time Recruitment.

Job Post Ends: 28th September 2018
