Hiring Manager - Tom Knight
Closing Date - 4th April 2025

The Opportunity

This role involves overseeing Landmark's risk management practices, performing both qualitative and quantitative data analysis, and effectively communicating findings to diverse audiences. Key responsibilities include leading risk assessments, presenting results, recommending actions, and promoting best practices. Additionally, the role focuses on enhancing risk management processes, conducting internal reviews, managing a team of analysts, and ensuring the effective implementation of risk treatment actions. Proficiency in FAIR is highly desirable.

Furthermore, the role is responsible for maintaining security policies and procedures in alignment with ISO 27001 standards to ensure compliance and robust information security management. This includes conducting regular audits, updating policies, and implementing training programs to keep all stakeholders informed. The role also involves assessing supplier compliance with security requirements and mitigating risks associated with third-party vendors.

The role will involve:

Lead the performance of risk assessments and present detailed results, recommending actions to address risks and drive best practices.
Oversee the maintenance and continuous improvement of the risk management framework and artefacts.
Enhance and refine processes and procedures for risk analysis and management activities.
Integrate advanced risk management principles into policies, procedures, and standards, ensuring they are relevant and up to date.
Ensure that thorough internal reviews are conducted to assess and improve the organisation's risk posture.
Manage and mentor a team of risk analysts, providing guidance and support to ensure professional development and effective performance.
A working knowledge of the FAIR (Factor Analysis of Information Risk) assessment methodology is highly desirable.
Coordinate with teams to ensure effective implementation, verification, and closure of risk treatment actions.
Maintain our ISMS in line with the ISO 27001:2022 standard and ensure policies and procedures are effective across our organisation.
Lead the response to 3rd party information security audits and questionnaires.
Lead collaboration with Compliance and other teams on external and internal audits and reviews.
Work closely with our procurement team to ensure that supplier risks are effectively assessed and managed.
Review 3rd party and customer security schedules to ensure we can meet the obligations outlined.

About You

You will have experience in an Information Security GRC role or in compliance, auditing, data protection, information security, risk management, or a related field. You will excel at translating policy statements into actionable, implementable risk and security controls that can be monitored, audited, and continuously improved. You will possess the ability to evaluate their effectiveness and recommend enhancements.

Additionally, you will have:

The drive and motivation to make improvements
Excellent communication skills
A proven track record in identifying information security risks and providing suggestions on mitigation/treatment through the implementation of risk treatment plans
Good understanding of common information risk and security management standards, frameworks, and laws/regulations, e.g. ISO/IEC 27001, GDPR, NIST 800-53, etc.
Experience using the FAIR (Factor Analysis of Information Risk) methodology to quantify risks
Experience with data mapping and risk assessment tools and processes that identify information security and cyber risks to business assets and operations is highly desirable