WHAT TO EXPECT
This is a fantastic opportunity for an Information Security Risk Manager to join JLR's Information Security Governance, Risk, and Compliance department, which is responsible for protecting the company's digital landscape while ensuring regulatory compliance.
As an Information Security Risk Manager, you will oversee the delivery of risk processes for information security across JLR while also supporting other functions such as IT, governance, compliance, security culture, and supply chain security assurance. Furthermore, you will contribute to JLR's information security strategy to strengthen the company's overall security posture.
This is an exceptional chance to work in a dynamic, growing team and play a critical role in protecting JLR's information assets globally.
Key Accountabilities and Responsibilities:
1. Create and execute effective risk management policies and strategies across all business domains globally.
2. Conduct comprehensive audits and risk assessments to find threats and vulnerabilities and support the evolution of the Information Security Strategy, with an emphasis on risk reduction.
3. Work with cross-functional teams to prioritise risks and develop risk treatment plans.
4. Establish monitoring mechanisms and key risk indicators (KRIs) to proactively address security concerns.
5. Oversee and guide the Vulnerability Governance process from a risk perspective.
6. Offer guidance and recommendations on risk management best practices.
WHAT YOU'LL NEED
1. Strong knowledge of information security processes, functions, and practices, including strategy development, risk identification, documentation, management, and mitigation.
2. Good understanding of information security standards such as ISO27001, NIST CSF, SCF, COBIT, and relevant legal frameworks such as GDPR.
3. Broad understanding of technical, organisational, and procedural controls, as well as knowledge of the information security tooling and vendor landscape.
4. Proficient communication skills, with the ability to convey technical information effectively, both verbally and in writing, and to adapt content to suit technical and non-technical audiences.
5. Experience with Agile methodologies (e.g., SAFe, SCRUM).
6. Previous experience in managing information security in highly regulated businesses.