Information Security Risk Manager

The opportunity

This is a brand new role and a key hire within the Partnership, responsible for supporting the embedding and maturing of the Security and Technology elements of the Group Risk Management Framework and supporting ongoing governance, assurance, and oversight across the first line Security and Technology functions.

Supporting the Information & Data Security Officer, you'll be involved in the delivery of a programme of second-line assurance reviews, audits and tests to ensure the appropriate controls are effective with recommended actions reported to management to ensure risk levels remain within appetite and operations are compliant with policy, standards and regulatory requirements.

You'll foster meaningful relationships across the business including first line security and technology, internal audit, first and our privacy & data protection teams to help them understand and mature their risk and control environments.

This is a hybrid role, with an average of two days per week required in our Swindon office.

The benefits:

• Salary - up to £60,000
• Bonus scheme - on target bonus - 10%
• Pension scheme - contribute up to 5% of your salary and Openwork will match you and put in an extra 5%
• Critical illness cover
• Income protection - 1 x salary
• Death in service - 4 x salary
• 27 days holiday + bank holidays, with the opportunity to buy up to an additional 10 days
• A range of other flexible benefits to include private medical insurance, dental insurance and much more.

Key Accountabilities:

• Security Governance - Represent the second line security function in security/technology risk forums and working groups, to offer input and challenge to first-line security policy, process, and strategy.
• Security & Technology Risk Management - Collaborate with Group Risk function peers to ensure security and technology risk is represented within the Enterprise Risk Management.
• Security & Technology Risk Management - Work with first line security and technology functions to align control frameworks with best practice to mitigate risk.
• Security Assurance - Assist in the delivery of the annual second line assurance activity plans over first line security, reporting on findings and setting recommended actions.
• Technology Assurance - Assist in the delivery of the annual second line assurance activity plans over first line Technology, reporting on findings and setting recommended actions.
• Risk Reporting & Administration - Support the periodic Group Risk team reporting activities and facilitate the first line tracking and reporting of issues and minor risks.
• Advisory/Consultancy - The ability to advise/consult on all business initiatives in line with Information Security Risk while being an enabler wherever possible in line with the strategy of the business.

What will you need to succeed?

Frameworks (previously worked within)

ISO27001, NIST, ISF Standard of Good Practice, PCI-DSS, CIS Top 18, CIS Benchmarks, OWASP, COBIT, Cyber Essentials.

Qualifications: (Desirable)

• BA/BSc degree or equivalent experience in the field of IT or IT Security.
• CISSP, CISM, CISA, CCSP, CRISK, ISO27001 or similar entry level to mid-level ISC2, ISACA or SANS.

Experience:

• Working in financial services or with financial services clients that were subject to regulatory requirements such as FCA, PCI-DSS and GDPR.
• Delivery of audits, assurance reviews and risk assessments across complex environments.
• Experience of the tools, systems, services and techniques used for vulnerability scanning, penetration testing, firewalls, WAF, endpoint security, browsing and email controls.

Knowledge:

• Understanding and implementation of security and information technology fundamentals across multiple domains of information security, operational resilience, disaster recovery and business continuity; ideally in a Microsoft-dominated ecosystem.

Skills and Competencies:

• Ability to confidently convey very technical concepts to non-technical audiences.
• Demonstrable experience of producing reports for management.
• Excellent communication skills to articulate security risk to Projects and Technical departments.
• Ability to operate in a fast-paced environment with the skills to deal with complex issues.

Why us?

We're a dynamic, fast paced, and growing business with huge ambition. This is all made possible by the brilliant people who are part of The Openwork Partnership family. We're investing heavily in our colleagues, continuously striving to give them the platform to develop personally and professionally and reach their full potential.

We're also very proud of our culture, as one of the Best 100 Large Companies to work for in 2022. The Openwork Partnership values, and respects individuality and we are committed to building an inclusive culture and environment which truly recognises and celebrates our colleague's individual differences and identities - just like our financial advice, for us, it's personal. We believe everyone can make a difference and your race, religion, disability, and gender will never be a barrier. At Openwork, we have a strong ethic of care for each other where you can balance a successful career with your commitments and interests outside of work. We believe that you will bring your best self to work if you are trusted to choose when, where and how you do it.