This is a fantastic newly created opportunity for an information security professional with a strong grasp of risk and control to join a 2nd line global risk team in this well regarded financial services organisation. As the oversight lead for IS you will be key in designing and implementing the IS risk framework, policy and strategy, and you will have exposure to key security technology and risk stakeholders globally. You'll work closely with risk and information security to ensure adequate and appropriate systems and controls are in place to identify potential adverse events, including hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
· Developing and maintaining the global Info Sec Risk Management Framework
· Oversight of Information Security risks and issues, including independent review, assurance and timely reporting to key stakeholders (e.g. boards, committees, regulators), in relation to the effectiveness of the control environment
· Overseeing the effective recording, analysis and reporting of Information Security risk incidents and evaluating their materiality
· Contributing to the development of appropriate systems / tools to measure and report on key Information Security risk management metrics and support reporting to subsidiary boards, and leadership teams
· Assisting with reporting, insight and information on Information Security risk management performance, including the provision of recommendations and suggested improvements
· Representing the Risk Management team on projects and change initiatives, and in supplier onboarding and management
Work with the Global Information Security team to:
· Assist business stakeholders with design and implementation of Information Security operational best practice and process and control improvements.
· Develop and monitor key Information Security risk indicators and scorecards for various risks and obligations to measure business performance against risk appetite.
· Examine employee compliance with security controls and deficiencies.
· Evaluate security policy, processes and procedures for completeness.
· Ensure that controls are adequate to protect sensitive information systems.
· Provide mitigation / damage reduction proposals.
We're looking for:
· Working knowledge of security frameworks/standards e.g. ISO 27001, HMG Cyber Essentials or NIST Cybersecurity Framework.
· Ideally, Certified in Risk and Information Systems Control (CRISC) or other risk management certification.
· Excellent analytical skills.
· Flexibility in approach, ability to adapt practices, effectively react to internal and external events and activities.
· Achieve quick and considered decision making and embrace change.
· Pro-active approach to tasks, with the accountability to take ownership of them.
Please get in touch if this sounds like your next move!
Appointments is the only Scottish agency specialising exclusively in Corporate Governance recruitment. Please call to discuss with a Director.