Description
IS Risk and Compliance Manager
Rate: £flexible/negotiable
Location: Staines
Term: 6 months initially
Sopra Steria Recruitment are now looking for an Information Security Risk and Compliance Manager to join a fantastic organisation in Staines for an initial 6-month contract.
Role
Improve and deliver a robust information security risk and compliance governance and management framework and associated processes to meet the business, legal and regulatory obligations and deliver our information security strategy.
Responsibilities
- Maintain the integration of information security governance into corporate governance to ensure that organisational goals and objectives are supported by the information security programme
- Collect information and review documentation to ensure that risk scenarios are identified and evaluated
- Identify legal, regulatory and contractual requirements and organisational policies and standards related to information systems to determine their potential impact on the business objectives
- Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to guide in the evaluation of enterprise risk. Improve upon and maintain a risk register to ensure that all identified risk factors are accounted for
- Effective delivery of the PCI DSS, FCA and ISMS strategies and assurance of on-going compliance across all sales channels, processes and systems
- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements
- Conduct (internal/external) BGIS reviews through the audit life cycle, e.g. contributing to ToR definition/sign-off, cycle planning and coordinating fieldwork across IS teams
- Support 2nd and 3rd line of defence with ITGC, FCA, CSL and financial audits
- Prepare supporting material, including reports and updates, for senior audit, compliance, operational, legal and regulatory risk and control boards and committees
Skills/Experience
- Experience in a similar role - Essential
- Professional information security certification, e.g. CISSP, CRISC, CISM - Essential
- Knowledge of standards, frameworks and leading practices related to risk identification, assessment, evaluation, response and monitoring
- Knowledge of threats and vulnerabilities related to business processes and initiatives
- Knowledge of information systems architecture (e.g. platforms, networks, applications, databases and operating systems)
- Knowledge of information security concepts and the elements of a risk register
- Knowledge of threats and vulnerabilities associated with emerging technologies
- Knowledge of the legal and regulatory environment, including but not limited to FCA, PCI DSS, PRA and relevant contractual commitments
- Knowledge of risk identification, assessment and mitigation methodologies
You could currently be working as a Cyber Security Consultant, IS Specialist, IS Risk and Compliance Manager, Security and Compliance Specialist, Information Security Manager or Cyber Security Manager, Chief Information Security Officer (CISO), or Head of Group Risk.