IT Security and Risk Manager
Hybrid / West Midlands
£80,000 - £100,000 plus circa 20% bonus, private healthcare and some other amazing benefits
Permanent, Full Time
The Company
My client is a large and nationally recognised financial services business, known for being one of the UK's 'great places to work' and having won multiple awards. They are headquartered in the West Midlands and offer up to 80% home working.
The Role
The IT Security and Risk Manager will lead the effective management and mitigation of information technology risks, including IT architecture, Cloud and AI computing, as well as information security and data protection risks, across the organisation.
Key Responsibilities
- Lead the 2nd line assurance of information security and technology, including IT architecture, Cloud and AI computing.
- Manage Third-Party compliance across all risks, with a specialism in information security, technology (including Cloud and AI computing), data protection and operational resilience requirements, and the associated risk profile.
- Manage and utilise the enterprise-wide operation of the Governance, Risk and Compliance (GRC) tool to identify information security, technology, and supplier risk trends and oversee the analysis of risk data.
- Produce meaningful and timely Management Information to governance committees and the executive management.
- Define policies and risk frameworks for security, technology, supplier, and PCI so they are in line with current regulations and best practice.
- Provide expert technical advice, support and assurance to senior stakeholders, individuals and data owners in their responsibilities and obligations under the ISO 27001, COBIT and PCI standards.
- Manage and develop a team of direct reports.
Skills and Experience required
- Strong experience of Risk Management within a 2nd line cybersecurity assurance function
- Expert in Cyber Security risk frameworks and risk reporting
- Wealth of knowledge of control principles and practices and familiarity with the ISF Standard of Good Practice, ISO 27001:2013, NIST and other security standards, including PCI-DSS
- Expert understanding of control principles and practices and familiarity with the IT Standard of Good Practice, COBIT / ITIL
- User and manager level knowledge of GRC technologies and associated reporting modules
- A recognised Information Security certification is preferred, e.g. CISSP, CISM or CRISC
Please apply via the link or contact matthew.stone@akkodisgroup.com for more information.
Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provides a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.
Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.
By applying for this role, your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.