The Opportunity

This enterprise scale business is seeking a GRC focussed information security professional to join as an Information Security Governance & Risk Lead.

Being responsible for managing IT risks, you will develop and deliver IT Security and Governance processes, policies and procedures, ensuring effective controls are in place, monitored and managed, to minimise and mitigate organisational risk.

This is an exciting time to join the business as it embarks on a major cyber security programme of work. The company operates a hybrid working policy where you will be in the office 4 days a week.

The Role

As the SME for IT Risk, you will:
1. Provide expertise on compliance with internal and IT Security policies and governance controls (e.g., ISO27001, ISO27019, NIS-R, CAF).
2. Be accountable for technical and non-technical risk assessments, monitoring compliance, and recommending technical controls.
3. Ensure timely resolution of internal and external audit actions.
4. Ensure IT Business Continuity planning, collaborating with Emergency Planning and Business Services.
5. Regularly review IT policies, processes, and standards, recommending cost-effective actions and controls.
6. Manage IT Security vendors, suppliers, contractors, and the Managed Security Service.
7. Collaborate with peers within the Cyber Security team on regulatory and project assurance, managing audits, and assessing risks.
8. Develop IT Cyber Secu...