Information Security Risk and Controls Manager

London ‐ Onsite
This project has been archived and is not accepting more applications.

Description

My client, an international financial services organisation, are looking for an Information Security Risk and Controls Manager to join their growing team in London.

About the Information Security Risk and Controls Manager Role:

In this business-critical position you will work with the wider Information Security team across the group to ensure that the firm's regulatory information security requirements are understood and complied with, providing appropriate protection of both company and customer confidential information.

Key responsibilities:

  • Establish and maintain the information security risk management framework
  • Maintain the information security risk register and monitor mitigation plans and controls
  • Monitor, identify and analyse current and emerging information security risks
  • Assess the effectiveness and efficiency of risk mitigation strategies and recommend improvements to achieve an acceptable level with stakeholders
  • Conduct information security risk assessments and ensure consistent assessment and articulation of risk opinion
  • Develop and maintain information security controls matrix
  • Compliance monitoring of design of controls and operational effectiveness
  • Ensure risk and control activities can be evidenced and audited
  • Engage with and provide input to compliance activities and provide assurance to stakeholders
  • Establish and maintain relationships and communication channels across the group to facilitate effective identification and management of risk
  • Provide information security and risk / control support guidance and education
  • Support the information security relationship with suppliers and provide oversight from risk/control perspective
  • Assist with the development and implementation of security improvement plans / strategy
  • Build comprehensive KRIs / KPIs and report to stakeholders

Criteria:

The education and preferred experience wanted for the role would be some of the following:

  • A Bachelor's degree in business, computer science or a related information security field
  • Further formal education would be a plus
  • A minimum of 5 years in information security risk/controls management, IT audit/compliance or GRC based positions (Financial services experience would be beneficial)
  • Versatile, with a strong focus on delivery
  • Strong understanding of the IT systems landscape and the ITIL and COBIT frameworks
  • Proven experience in delivering risk / security assessments
  • Proven knowledge of frameworks including ISO 27001, ISO 27005 or ISO 31000
  • Knowledge of regulatory compliance and frameworks covering technology and data protection principles
  • Existing certification, for example CISM, CRISC or CISA would be an advantage

This international financial services firm requires no introduction and is recognised as the leader in their field. If you enjoy information security risk and want to join a firm that has the backing of some of the brightest minds in their respective industry then this role is for you.

Apply today or call me on to find out more.

Start date: n.a
From: Robert Walters
Published at: 03.06.2016
Project ID: 1141582
Contract type: Freelance