c. £65,000 - £70,000 + Car Allowance + benefits
12 months ago
Our client is a leading retail business who are currently looking to recruit a Business IT Risk Manager. This is a first line of defence role which will support the delivery and embedding of the Enterprise Risk Framework and will be aligned to IT. The role holder will support and challenge the IT Director and their senior management team to deliver their ongoing risk management activities in line with the risk framework, Industry Standards and the agreed risk appetite.
Key responsibilities include:
- Leading and supporting the implementation and embedding of the Risk Management framework for IT, to help identify, assess, challenge, control, track and mitigate business risks and issues
- Coordinate with key stakeholders to establish appropriate Policies and procedures, and develop KRIs for measuring and monitoring information security risk, IT risk and system resilience risk on a continuous basis
- Co-ordinate IT risk assessments across the department, incorporating information security risk, IT risk and operational resilience risk as part of the RCSA process.
- Deliver effective monitoring of IT controls ensuring that these are fit for purpose, operating effectively and support the delivery of business goals and targets
- Review effectiveness and adherence to the risk framework and risk management processes by completing 1st line control testing and conducting Risk & Control self-assessment (RCSA) and oversee any internal audit activity
- Co-ordinate the Risk & Control Self-Assessment (RCSA) and Risk Maturity Assessment (RMA) within the department in line with any published standards and deadlines
- Work closely with the DPO and other Risk SMEs to ensure compliance to regulatory standards are met
- Identify and define emerging information security, IT, and system resilience threats and risks to the Group.
- Responsible for the maintenance and analysis of the Risk and Control data on the risk management system in line with 2nd line risk expectations
- Oversee adherence to the risk reporting processes ensuring that all reporting standards and SLAs set out in the risk reporting and Incident processes are followed
- Represent the department at the monthly Risk Forum
The Person :
- Solid foundation in Information Technology and information security principles. Familiar with common information security frameworks and standards such as ITIL, COBIT, ISO 27001 etc.
- A broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations.
- Understanding of financial services specifically within information security and data privacy related laws, regulations, frameworks and guidelines.
- Professional certifications in information security such as a CISSP, CISM, CRISC desirable.
- Good understanding of IT risk and Operational Resilience disciplines.
- Ideally, background in IT Risk Assessment, IT Audit, Information security management.
Salary range is broad and will be entirely commensurate with experience.
Please note, should you not receive feedback 28 days, unfortunately your application