Social network you want to login/join with:
Director - Security Risk Management Lead, London
Client:
Morgan McKinley
Location:
London, United Kingdom
Job Category:
Other
EU work permit required:
Yes
Job Views:
4
Posted:
13.04.2025
Expiry Date:
28.05.2025
Job Description:
Job purpose
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by the firm to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.
Essential Function / Major Duties and Responsibilities of the Job
Strategic
* Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
* Risk Assessments – Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
* Process Improvements – Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
* Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.
Operational
* Review and Credible Challenge – Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
* Risk Oversight – Lead in executing oversight of information security risks by performing the following:
* Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
* Review and monitor the progress of actions and validate appropriateness of closure evidence.
* Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
* Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
* Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
* Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
* Project Oversight – Lead in executing project oversight for information security risks by performing the following:
* Provide challenge of risk management of material information security projects that may impact the firm’s risk profile.
* Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
* Review project benefits and closure artifacts in preparation for transition to BAU.
* Governance – Actively present to various committees and forums to keep management educated on changes to the firms risk appetite.
* Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
* Advisory Services – Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
* Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to the security processes.
Leadership
* Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
* Provide guidance and support to junior members of the team.
* Interact with and present to regulatory bodies in regular continuous monitoring meetings.
* Ability to partner, influence, and maintain credibility with the business.
#J-18808-Ljbffr