IT Governance, Risk and Compliance Manager
Posted 4 hours 2 minutes ago by Hays Specialist Recruitment
IT Governance, Risk and Compliance Manager
Permanent Salary: £75,000 - £80,000 (neg.) plus 10% bonus
Location: Glasgow
Working Arrangement: Hybrid - 2 days on site
Your new company:
I'm currently looking for an Information Security Manager to work for one of Hays' long-term clients based in Glasgow. This is a hybrid role with a requirement of working on-site 2 days per week, paying up to £80,000 per annum depending on your experience.
This role is a GRC-led leadership position and the ideal candidate will have operated at a senior level maintaining information security accreditations such as ISO27001 and Cyber Essentials +, acting as an IT Risk SME, and working closely with senior leadership on the security assurance of a business.
This role involves:
Leading on business-wide GRC and information security assurance initiatives
Contributing to a future-focused security model considering IT risk, data security, incident response plans, alongside disaster recovery and business continuity
Leading in the maintenance of ISO27001 and CE+ compliance and certification where appropriate
Completing IT Risk assessments, adding to and maintaining the risk register
Overseeing the cyber security incident response process and taking a leading role in assessing corrective actions
Acting quickly and decisively on information security incidents in line with your knowledge of industry best practice
Working with various business leaders on regular security awareness activities, effectively communicating details of emerging security threats and risks and acting as an Information Security Risk Management SME
Engaging with business continuity with senior IT leaders
Taking an active involvement in annual information security reviews, communicating to senior stakeholders about contemporary risks to be considered and initiatives to combat them
Advising on all areas of data security - eg impact assessments, data security awareness training, data protection
Tweaking and maintaining the ISMS in line with your knowledge of industry best practice
Using your knowledge of technical IT controls to ensure that projects, transformations, current policies and systems are fit for purpose and aligned with organisational risk appetite
Leading a small team of security analysts spanning risk and governance
Leading the risk and governance function as a GRC SME and supporting with risk assessments of transformations, regulations, and policies
Overseeing supplier assurance processes from a security perspective
Assisting in the creation of governance policies and processes
Creating reports for governance groups
Maintaining a contemporary knowledge of current threats and cyber trends, using this to guide the strategic direction of the technology governance model, and to ensure operational risks are managed appropriately
Collaborating with stakeholders within audit, operational risk and the three lines of defence
Providing strategic advice and input on the organisation's cyber security strategy
What you'll need to succeed:
An SME within Information Security Risk Management
Experience maintaining ISO27001 and Cyber Essentials
Experience developing and maintaining an ISMS
Excellent communication and stakeholder engagement skills
Experience leading a cyber security awareness campaign and assisting with surrounding educational measures
A business solution focused mindset
Relevant industry certifications
Experience leading and supporting with risk management and risk assessments
The ability to maintaining and foster sound security principles across the organisation whilst keeping a business solution mindset, to not inhibit business functions, projects and transformations
Experience defining governance models
Team management experience
Strong IT risk management experience and comprehension of best practice controls and security risk frameworks - NIST, COBIT.
What you'll get in return:
£75,000 to £80,000 per annum
10% Bonus
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.