Cyber Risk Specialist – Inside IR35
This role provides information security and cyber risk assessment input to risk assessments focused on specific business processes or applications. It works alongside other global information security colleagues and architecture to ensure that cyber-risk-by-design principles are incorporated into all designs. It also helps identify and prioritise cyber risk treatment for our client and its subsidiary companies within the Information Security area, and determines, alongside legal colleagues, how to maintain and improve adherence to regulatory requirements and corporate policies. In addition, this role supports the team's information security awareness specialist in crafting cyber risk training and awareness programmes, and sets up and maintains a consistent cyber security breach response plan for each business unit.
It requires the ability to balance a hands-on approach to security risk management with the ability to self-direct, prioritise and manage work, while improving the quality of cyber risk service provided to our client and its subsidiary companies regardless of delivery method (internal or third party).
Cyber risk processes and services within our client are under constant development and focus and a key part of this role will be to work with the Head of Cyber Security Risk & Compliance together with the International CISO to help define, regulate, and improve these as part of the virtual security team.
This role forms part of the wider strategic Cyber Security and Privacy programme being developed, which focuses on reducing risk to the organisation. It requires knowledge of information security activities across technology, process and governance, as well as in-depth cyber risk management.
Start date: As soon as possible, likely March/April
Location: 100% remote; limited travel to regional technology centres/hubs and corporate headquarters in Egham, UK.
Key Responsibilities
- Serve as a liaison and point of contact for the company's colleagues on cyber security risk
- Help to ensure effective execution of the company's risk management framework
- Provide advice and guidance to business units on how to conduct cyber security risk assessments
- Assist in the enhancement of existing Information Security risk processes to extend coverage and give better definition of information security assurance for the organisation and its subsidiary companies.
- Provide input into DPIAs (Data Protection Impact Assessments) from a cyber security and risk perspective to support Business and Legal colleagues in completing them
- Assist in the monitoring of information security management procedures and compliance within the company alongside the wider Cyber security community and the Head of Cyber Risk and Compliance
- Provide input to the organisation's Enterprise Risk Management team and assist with Cyber Security GRC activities
- Provide cyber risk input and advice to Global Cyber Operations as needed
- Help to ensure that cyber security risk reporting is appropriate for all audiences, so that they understand the most significant risks, are aware of the risks relevant to their parts of the business, and understand their accountability for individual risks
- Participate in meetings and design workshops to ensure cyber risk by design at all levels
- Perform audit and assurance activities within the cyber risk TPRM (third-party risk management) framework and determine whether the company needs to alter its procedures to comply with regulations
- Offer consultation on how to deal with data breaches from an information security perspective
- Track changes in law and regulation and issue recommendations to ensure compliance from a cyber security perspective
Experience
- 8+ years' experience in information security governance and assurance, focused on risk management; or a minimum of 7 years' experience within an information discipline with a formal information security qualification and extensive experience of data and cyber risk and compliance in complex environments
- Experience in multi-lingual environments, with high standards of written and spoken English
- Experience of GDPR and Data Security and Protection control frameworks
- Knowledge of Cyber risk management in large complex corporate organisations
- Experience in supporting cyber security compliance regimes
- Ability to maintain composure and continue to function effectively under pressure
- Excellent presentation, communication and interpersonal skills
- Comfortable interacting effectively at all levels of the organisation and group companies.
Knowledge & Skills
- Subject matter expert in cyber risk identification, management, and remediation advice
- Experience using formal risk management tools for third-party risk and GRC tasks
- Skilled in working in highly complex federated management organisations
- Self-starter with the ability to work independently
- Excellent verbal communication and interpersonal skills
- Excellent writing and documentation skills
- Good analytical skills with the ability to tailor an approach based on data and information received
- Ability to think and plan strategically balanced against the need to deliver
- Actively drives the sharing of risk management best practice