Head of Security GRC
We are looking for a Head of Security GRC to join our IT Information Security Team in Milton Keynes. You will play a leading role in managing governance, risk and compliance activities for Information Security and the wider Technology team. As the Head of Security GRC, you will be managing, mentoring, and developing the core skills and expertise of a team of GRC and analyst colleagues on a day-to-day basis, alongside proactive engagement with both business and 3rd party representatives.
You will also have a hands-on role supporting the business objectives and strategy to ensure our security and technology controls remain within the Group’s risk appetite and meet regulatory and lender requirements.
Responsibilities:
1. Line management of several direct reports within the team. Resource management across the team, ensuring that the relevant workload is delivered as agreed.
2. Act as the Subject Matter Expert regarding Security and Technology compliance requirements and standards, including NIST and ISO27001.
3. Responsible for ensuring that a suitable control framework is in place to manage security and technology risks within appetite, covering areas including Policies & Standards; Supply Chain Risk; Operational risks; User education; and Operational resilience / Business continuity oversight.
4. Ensure security and risk consultancy is provided to support BAU activities.
5. Share subject matter expertise and support the wider Technology Team and business stakeholders.
6. Maintain personal skills in the context of technology GRC, best practices, and the strategic direction of the Connells Group.
7. Own the governance, risk, and compliance aspects of the security policies across the group.
8. Support internal and external audits, responses to lenders and oversight of subsidiary control frameworks.
9. Carry out security assessments on third parties to manage supply-chain risk.
10. Deputise for the Information Security Director when required.
Experience & skills required:
11. Professional qualifications, e.g. CISMP, CISSM, CISSP.
12. Demonstrable experience in similar relevant security GRC and managerial roles or broad experience and proven success in a senior Information Security role.
13. Strong understanding of Information Security best practices, standards, and control
14. Experience of Information Governance, Risk and Compliance principles
15. Experience of the principles of security auditing and compliance validation
16. Comprehensive knowledge and experience working with Security Frameworks and relevant regulations including ISO27001; NIST; PCI; GDPR
17. Good knowledge of current and emerging security controls and approaches e.g. Zero Trust; DLP; access and identity management
Desirable:
18. Qualification in the wider compliance, security, and IT arena, e.g. CISA, GDPR, PCI.
Connells Group is one of the largest and most successful estate agency and property services providers in the UK and as of March 2021 also encompasses Countrywide. Founded in 1936 and with a network of over 1,250 branches nationwide, the Group combines residential sales and lettings expertise with a range of consumer and corporate services including new homes, mortgage services, conveyancing, EPC provision, surveying, corporate lettings, asset management, land & planning, LPA receivers and auctions.
Connells Group UK is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, transgender status, religion or belief, marital status, or pregnancy and maternity.
CF00418