IT Security, Governance & Compliance Lead
Based at the Group H/O and reporting to the Chief Information and Digitisation Officer (CIDO), the successful candidate will be responsible for key stakeholder management, ensuring that IS security risks are understood and that there is business support for the IS security strategy.
Minimum Qualifications and Experience Required:
- Postgraduate degree in Information Technology.
- 8+ years’ experience in an information security risk leadership role in large organisations.
- Experience in running information security risk governance processes and structures.
- Familiar with relevant industry standards for information security (e.g. ISO 27001, NIST CSF).
- Experience in creating and implementing information security policies and standards.
- Experience in information security risks and controls relating to Industrial Control Systems (ICS) and the supply chain.
- Proven track record with security assessment and assurance activities (e.g. penetration testing).
- Experience of security compliance management and reporting in relation to any relevant regulatory or legal requirements.
- Commercial acumen.
- Strong project and change leadership experience.
- Ability to engage the business at an Executive level, as well as managing Technologists.
- A self-starter with the ability to operate independently.
- Ability to work with an internal locus of control, handle ambiguity, and identify and engage key stakeholders in the absence of a clearly defined framework.
- Advanced MS Office skills.
- Willing to travel.
Key Performance Areas:
- Establish the vision, goals, high level roadmap and objectives of the information security, IT quality, IT risk, IT compliance and IT governance programs.
- Plan, develop and implement enterprise-wide information security strategy and best practices.
- Provide the foundations and packaging for the implementation and operation of functional processes for information security, IT quality, IT risk, IT compliance and IT governance.
- Be accountable for security incident management, working with the service providers to detect, contain and mitigate incidents and to resolve root causes to improve risk management.
- Ensure initiatives/programmes are anchored in best practice whilst still being highly practical/pragmatic.
- As a high priority, work to continuously improve the information security awareness and behaviours of employees within the business.
- Stay abreast of emerging security risks and technology trends.
- Be accountable for the identification, governance and management of IS security risks relating to IT systems, industrial systems and the supply chain.
- Ensure business compliance with group security policies, including the creation of business-specific security policies and standards as required.
- Work alongside the Data Protection Function to ensure adherence to legislative requirements across the group.
- Review the security footprint of IT & OT suppliers to ensure risk is managed effectively within their organisations.