Works with the VP of Global IS Security and the Senior Manager of Risk & Compliance to support IS in delivering IT/OT governance activities.
Provide direction and leadership for the Governance IT/OT function.
Develop and execute the governance strategies in alignment with the overall long-term corporate strategy to improve efficiency and effectiveness.
Partner with the Risk & Compliance Lead to identify, assess, and prioritise IT risks and ensure that governance practices effectively address these risks.
Operates as the Subject Matter Expert/Primary Point of Contact for governance-related activities, providing guidance and education as required.
Collaborate with the Cyber Manager to develop governance frameworks for incident response, ensuring IT policies support quick recovery and mitigation strategies.
Leads pre-emptive activities to support Governance improvements while providing continuous input for process improvements.
Ensures timely and accurate reporting for senior management and key stakeholders to support decision-making.
Ensure that governance documentation is maintained and readily available for audits, working closely with the Risk & Compliance team to facilitate thorough reviews.
Ensures that the audit tests, maturity assessments, self-certifications, and reviews are relevant, consistent, and conducted following professionally accepted auditing standards.
Manages the development of policies and processes which align with core business functions.
Uses professional knowledge and experience to set departmental goals which align with the overall function strategy.
Monitors the progress of critical in-house programs and ensures regulatory compliance.
Works with colleagues in International Business Units (IBUs) to ensure governance, standards and compliance are aligned and support international IS functions where required.
May be required to provide out-of-hours support via an on-call rota.
Critical Skills
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk-related concepts to technical and non-technical audiences at various hierarchical levels.
Experience in managing a team.
Expert-level knowledge of Operational Technology.
Significant experience in implementing, managing, reviewing, and improving internal controls for governance, compliance, IT and OT audits, or assurance and risk management programmes.
Proven track record of performing internal or external audits (financial/operational/IT and OT) by relevant professional standards.
Expert-level understanding of designing, implementing and operating IT and OT control frameworks.
Leads on complex assignments that require expertise and develops innovative GRC technical solutions.
Provide expert-level technical support and monitor and improve processes and interventions for the GRC assurance programme.
Validates operational GRC plans and oversees regulatory compliance and assurance.
Proven track record and experience in developing policies and procedures and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Demonstrated ability to work with and report to a governance board (e.g., a risk or audit committee, or similar).
ITIL, CISA, CISM or equivalent preferred.
Highly proficient in audit methodologies, mainly but not limited to those applicable in IT and OT environments.
BSc or equivalent experience or qualification in Computer Science or equivalent IT and OT work experience
Understanding of regulatory requirements, including cross-industry regulations (e.g., NIST2, OG86M, GDPR, Data Protection Act) and industry-specific regulations.
Highly skilled in designing and implementing compliance and control frameworks.
Proficient in IT and OT governance and quality standards
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST(2), including 800-53 and the Cybersecurity Framework.
Excellent stakeholder management skills
High level of personal integrity and the ability to professionally handle confidential matters and show appropriate judgment and maturity.
Ability to work cross-functionally with relevant functions - e.g., group risk and group audit - to ensure standards are appropriately reflected in IS and OT-specific domains.