IT Security Risk & Compliance Lead

The IT Security Risk & Compliance Lead plays a central role across Cyber and Information security. The primary purpose of this role is to manage and influence all aspects of security risk management activity across the Group, but particularly in respect to IT and Information Security. You will also assist in the delivery of Security Policy, Data Classification, and Compliance Management in accordance with policy and regulatory requirements. You will help develop the compliance knowledge and skills through the rollout of tools, policies and procedures, formal training and coaching and mentoring, working with individual Project Teams and Asset Owners ensuring that they understand their security responsibilities. You will also deliver against the business strategy, the technical roadmap and objectives set out in the Security strategy - covering Operational Information, Cyber, Digital and Physical. There is significant investment and growth throughout the Cyber and Information Security function, and you\'ll be joining a high-calibre team where you can have real impact.

For full details please contact Tim Philpotts at Morson

• Manage and influence all aspects of security risk management activity across the Group, with emphasis on IT and Information Security.
• Assist in the delivery of Security Policy, Data Classification, and Compliance Management in accordance with policy and regulatory requirements.
• Develop the compliance knowledge and skills through the rollout of tools, policies and procedures, formal training and coaching and mentoring; work with individual Project Teams and Asset Owners to ensure they understand their security responsibilities.
• Deliver against the business strategy, the technical roadmap and objectives set out in the Security strategy — covering Operational Information, Cyber, Digital and Physical domains.

• Previous experience working with IT Systems in a corporate environment.
• Good knowledge of control frameworks such as ISO27001, ITIL (Information Technology Infrastructure Library), NIST, IEC 62443 and SABSA.
• Good knowledge of Risk Management Methodologies such as ISO27005, IRAM2 and IEC (phone number removed)-2.
• Strong technical skills across IT.
• Ability to interpret regulations and laws and communicate effectively to all levels of the organisation.
• Excellent presentation, project management, problem-solving, training/coaching, and conflict resolution skills.
• Ability to track and manage numerous parallel projects and activities.
• Ability to work successfully in a cross-functional team environment.
• Excellent stakeholder management.