Head of Cybersecurity Governance Risk and Compliance

Head of Cybersecurity Governance Risk and Compliance

Location: Mainly remote based working in the UK with travel to Oxford, Cowley (OX4 2GQ) occasionally
Contract: Permanent
Hours: Full time
Salary: £70,000 per annum, plus car / car allowance
Benefits: 33 days holiday, pension, life assurance, employee assistance programme, wellbeing support, and flexible benefits scheme

About the Job
 
As our Head of Cybersecurity Governance Risk and Compliance you’ll work closely with business and technology teams, helping to articulate and communicate the InfoSec governance program, identify risks and evaluate and help implement controls and improvements.
 
As part of your key responsibilities you’ll:
 
• Manage the day to day of the function and team
• Support the management of Information Security governance for the organisation, ensuring adherence to Group policies and standards
• Ensure key Information Security risks and issues are identified, addressed and resolved in a timely manner
• Work closely with the Director of Information Security to ensure Group security strategy is appropriately implemented, and divisional requirements are understood and supported
• Assist in management of the Group’s Information Security Management System including maintenance of the ISO 27001 certification
• Engage with the IT Security Operations team and assist the Director of Information Security in providing oversight and challenge to that function
• Participate in periodic security related testing activities (e.g. Crisis planning events, DR exercises)
• Prioritise and manage response activities
• Drive the audit and client management aspects of the Information Security team, including client due diligence questionnaires, and help design more effective procedures in this space
• Improve and support relevant security metrics; analyse data, identify trends and drive improvements to the control environment
• Assist in general Information Security related issues as required, including potential interaction with the Security Operations team, Technology teams and business stakeholders
• Working with the Security Architect ensure alignment of bid requirements with existing InfoSec standards and liaise with relevant teams for resolution where non-standard requirements are identified

About You
 
We’d love you to have the following skills and experience, but please apply if you think you’d be able to perform well in this role!
 
• Excellent written and verbal communication skills
• Previous experience within a GRC function, IT Security/Cyber team, Internal Audit or an IT environment
• Hands on practical experience of ensuring full compliance with legal & regulatory frameworks including ISO 27001
• Risk management
• Strong leadership and communication skills, with the ability to motivate and manage a team

Our recruitment and selection process has been developed to ensure that it is consistent, fair and provides equality of opportunity - all selection decisions are based solely on technical and behavioural competencies. We do not discriminate on the grounds of race, colour, or nationality, ethnic or national origins, sex, gender reassignment, sexual orientation, marital or civil partnership status, pregnancy or maternity, disability, religion or belief, age or any other current or future protected characteristic as defined in the current Equality Act of England and Wales. As an organisation we also promote an environment which encourages diversity of characteristics and thought, where you feel included, safe and confident to be the best version of yourself and do your best work every day.
 
You may also have experience in the following: Head of Cybersecurity GRC, Head of Information Security Governance, Cybersecurity Governance Lead, GRC Manager (Cybersecurity), Information Security Risk Manager, Senior GRC Consultant (Cybersecurity), Cybersecurity Risk and Compliance Lead, Information Security Compliance Manager, Head of InfoSec Governance, ISO 27001 Compliance Lead, ISO 27001 Lead Implementer / Auditor, NIST Cybersecurity Framework, Risk management (cyber/information security), Information Security Management System (ISMS), Control assurance / control testing, Regulatory compliance (GDPR, UK Cyber Essentials), Security governance frameworks
 
REF-(Apply online only)