
Information Security Governance & Risk Lead

Nigel Wright Group
Posted 10 hours ago, valid for 22 days
Location

Newcastle Upon Tyne, Tyne and Wear NE27 0BJ, England

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • An enterprise-scale business is seeking an Information Security Governance & Risk Lead with a focus on GRC, offering a salary of £70,000 to £90,000 per annum.
  • The role requires at least 5 years of experience in Governance, Risk & Compliance, with proficiency in standards like ISO 27001 and NIS-D / CAF.
  • Responsibilities include managing IT risks, developing IT security policies, and ensuring compliance with internal and external audits.
  • The position involves collaboration with the Cyber Security team and managing IT security vendors, while also promoting governance awareness within the organization.
  • Candidates must have the ability to obtain UK security clearance and have been a UK resident for 5 years or more.
The Opportunity

This enterprise scale business is seeking a GRC focussed information security professional to join as an Information Security Governance & Risk Lead.

Being responsible for managing IT risks, you will develop and deliver IT Security and Governance processes, policies and procedures, ensuring effective controls are in place, monitored and managed, to minimise and mitigate organisational risk.

This is an exciting time to join the business as it embarks on a major cyber security programme of work. The company operates a hybrid working policy where you will be in the office 4 days a week.

The Role

As the SME for IT Risk, you will:
  • Provide expertise on compliance with internal and IT Security policies and governance controls (e.g., ISO27001, ISO27019, NIS-R, CAF).
  • Be accountable for technical and non-technical risk assessments, monitoring compliance, and recommending technical controls.
  • Ensure timely resolution of internal and external audit actions.
  • Ensure IT Business Continuity planning, collaborating with Emergency Planning and Business Services.
  • Regularly review IT policies, processes, and standards, recommending cost-effective actions and controls.
  • Manage IT Security vendors, suppliers, contractors, and the Managed Security Service.
  • Collaborate with peers within the Cyber Security team on regulatory and project assurance, managing audits, and assessing risks.
  • Develop IT Cyber Security reporting, promoting policy and governance awareness.
  • Continuously improve IT Security Risk processes and compliance initiatives.
The Person

As an experienced Governance, Risk & Compliance professional you will be proficient with working to standards such as ISO 27001 and NIS-D / CAF. Specifically you will have:
  • Experience in delivering information security certification and maintaining compliance.
  • Experience in creating and reviewing IT security policies.
  • High-level understanding of operational technology systems and their risks.
Certifications such as ISO 27001 Implementer or Lead Auditor, CISM, CISSP or CISA will be beneficial though not essential. Exposure to CAF would be ideal.

Applications are invited from both seasoned Information Security Managers and those looking to make the step up into this area from a GRC-focused role, such as IT Audit.

You must have the ability to obtain UK security clearance and have been a UK resident for 5 years or more.
