As a key member of the wider Information Security team, the Information Security Risk Officer works across all levels of the business, providing input in day-to-day activities as well as engaging with technical leadership and senior business managers. You will be supporting the wider information security risk team from a technical perspective, particularly with cloud and data security initiatives, security testing and security control implementations.
Lead Security risk assessments within projects, supplier engagements and IT change
Ensure security risks are managed in line with the firm's risk policies
Work with Suppliers to agree remediation plans and track remediation activities
Communicate the security impact of technology risks, the approach to risk mitigation and risk acceptance across all levels of the business
Provide risk advisory services to technology and business groups
Work with stakeholders, both technical and non-technical, to enable a pragmatic approach to applying security best practice
Provide Security and Technical expertise during Information Security audits
Experience in technical risk management (5+ years)
Experience in cloud security and risk, ideally arising from experience supporting cloud transformation and migration initiatives
Experience leading technical controls assurance testing
Experience to be complemented by certifications, e.g. CRISC, CISSP, ISO27001 Lead Auditor, Data Privacy (e.g. CIPT), etc.
Must have experience working within a highly regulated environment
Experience educating colleagues in security supplier assurance and security risk
Experience of Business Continuity Risk identification