Information Security GRC Lead

Up to £55,000 per year

Right Time Recruitment is exclusively representing Clear Channel on this role.

This role is for Clear Channel.

An exciting opportunity for an Information Security GRC Lead at a well-known international out-of-home advertising company.

This is a pivotal role supporting the security stream of our digital transformation; it is a fantastic opportunity for a driven and proactive individual to become an information security expert who is capable of talking in 'business terms' to a wide range of stakeholders of a wide range of seniority, many of whom will not have a strong grasp of the technical aspects of information security and risk management.

The Information Security Governance, Risk and Compliance Management (GRC) Lead is to be the company subject matter expert for all matters relating to Information Security and provide a group-wide view on information security risks, mitigation plans and management of Information Security and Compliance across the organisation. The role is responsible for creating and developing existing and new security processes and protocols and taking a 'hands on'

The successful candidate will be expected to take day-to-day ownership of and responsibility for managing the group's information security GRC operations globally. The successful candidate needs to understand that information security is better managed proactively and in an agile manner - through detailed programmes and planning.

Key Roles:

- Support HoD in cyber security transformation within the company
- Support in establishing group's governance and strategic oversight of information security at enterprise level
- Coordinate information security governance across the organization from a central Group function, providing subject matter expertise and expert advice to the business
- To define, develop and manage all aspects of information security and to ensure all measures are taken to meet operational, contractual and legislative/regulatory compliance
- To support in creating, developing and maintaining corporate Information Security policies, standards and guidelines across the company
- Provide required support in making decisions regarding what assets to protect, by providing technical options as well as perceived asset value, threat probability and Impact
- Provide expert security advice to projects from Initiation to acceptance into production throughout the organisation - act as gatekeeper to those projects to ensure continued compliance with industry best practice and all legal/regulatory bodies requirements
- Support the selection, design, justification, implementation and operation of Information Security controls and management strategies and ensure ongoing compliance with corporate due diligence
- Help in designing agile security business practice to support business product development velocity in DevOps model. Remove bottlenecks and reduce or eliminate inefficiencies to stimulate the agility and responsiveness

- Work with HoD to enable security as a service for business units to easily consume effective and efficient enterprise security at technical and commercial level
- Coordinate to establish lean security practice within the business - maximising efficiency and effectiveness by streamlining processes and removing bottlenecks
- Support HoD in establishing security as business enabler
- Take charge of third party security due diligence and risk management
- Lead security Education, Awareness and Education program across the group
- Raise awareness of the importance of Information Security and provide information that will help colleagues increase security and the protection of company data
- Monitor and report on the effectiveness of Information Security arrangements
- Assist with incident management process and IS breach investigations
- Oversee and advise on Information Security compliance activities relating to the regulatory requirements and industry standards SOX, ISO27001, NIST CSF, Data Protection (GDPR)

- Educated to degree level or equivalent - Information Security or related technology field
- Formal security qualification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISO27001 LA/LI or similar
- FAIR, SOX, COBIT, RiskIT, or similar knowledge or experience
- Information security management in a commercial environment
- Strategy development and risk analysis
- Policy development and implementation
- Issue management and escalation
- Relationship management
- IT project delivery and methodologies - DevOps Model/Agile Methodology
- Knowledge of information security standards and best practice
- Knowledge of industry standard frameworks, ISO27001, ISO27005 and PCI DSS
- Understanding of practical experience, applying the UK Data Protection Act, other related legislation, standards and codes of practice
- Understanding of EU General Data Protection Legislation
- Understanding of Sarbanes-Oxley (SOX) compliance activities or working in a regulated environment
- Management of third party assurance suppliers to support onsite assurance activities on supplier premises wherever they may be

End Date: 30th October 2018
