Information Security Consultant

LU - Onsite
This project has been archived and is not accepting more applications.

Description

The role of the Security, Risk and Compliance Lead is to provide leadership and oversight of information assurance, setting high-level strategy and policy to ensure confidence is maintained against risks. This is specifically focused on the confidentiality, integrity and availability of information and systems, ensuring they are managed pragmatically, are appropriately compliant and are cost-effective.
You will carry out risk-based security health checks, maturity assessments and other risk-based reviews of the IT systems and infrastructure design. This role will require you to frequently develop policy, strategy and standards, and will usually include working alongside various parts of the business. Additionally, in a project support role, you will form part of a team developing requirements, monitoring change and designing information solutions.
You would be the 'security lead' responsible for defining processes and deliverables as well as regulating costs and risk. You will be the business's subject matter expert, and as such it is expected that you will be an ISO27001 qualified auditor with additional CISA, CISM or CoBiT certification and a good understanding of ITIL.
You must have a strong understanding of 'information security' and a familiarity with current trends and recent developments in information security. You should take a holistic view of security issues but see security frameworks/processes at business unit or programme level. You should have the ability to think beyond how a system should operate and consider modes of accidental and malicious failure of the service that may occur.
You will lead all external (ISO27001) and internal security audits. You must have a good understanding of security governance for information systems. You should understand and have experience of business and technical information security concepts such as risk management, standards, defence in depth, accreditation, BCM and penetration testing, and of managing staff training and awareness.
On occasion you will need to articulate security advice directly to CIO- or Director-level stakeholders. In addition, it is expected that you will have excellent written and verbal communication skills and excellent presentation skills, with the ability to present complex ideas to technical and non-technical audiences.

Start date
ASAP
Duration
initial 6 months with extensions
(extension possible)
From
Next Ventures Ltd
Published at
29.09.2016
Project ID:
1211875
Contract type
Freelance