Reports to Group CISO
Salary: £80,000 - £100,000
The Information Security Governance, Risk and Compliance Lead is a role with a variety of responsibilities which will suit an all-round security professional. This is a great opportunity for someone with CISO aspirations to join the team and experience their transformational journey. This role will give the opportunity for the right candidate to get broad experience of many aspects of information security in one role.
This role reports to the Group CISO and has one direct report.
Successful candidates will be required to achieve and maintain DV clearance.
Responsible for the information security programme – ensure that it delivers the strategy to time, cost and quality
Responsible for managing and forecasting the departmental budgeting cycle and ensuring that all activities are delivered on budget
Responsible for establishing the governance framework for information security, building on the existing governance groups
Accountable for improving the information security culture across the organisation and increasing the personal accountability for information security taken by everyone accessing information systems.
Working with the wider team, co-ordinate risk management activities (risk register, overall risk reduction, etc.) as input to the strategy
Develop regular reporting of metrics and key risk indicators both internally within the group and to key stakeholders
Accountable for Information Governance – support the business areas to identify which information is critical and sensitive to the business and implement additional controls to protect it. This includes formal classification of information as defined by each of the governments.
A relevant degree or security qualification
Highly organised individual
Outcome focused delivery
Data driven, always striving for transparency
Excellent stakeholder relationship skills
A ‘can-do’ attitude
Demonstrable experience of driving information governance improvements
Demonstrable experience of leading information security projects and programmes
Demonstrable experience of using metrics to drive improvement
Experience of creating and leading governance boards
Experience of audit processes
Experience of risk management
Specific know-how and technical skills:
Generalist understanding of information security management systems such as ISO27001 or NIST
Strong project management skills
The ability to discuss and explain information security concepts in business language and vice versa