£70,000 plus benefits
4 months ago
A financial services firm located in Birmingham is looking to hire an Information Security and Data Risk Officer to join an established Operational Risk Division. Reporting to the Operational Risk Manager and part of the firm's 2nd line of defence, the role will provide critical oversight of the firm's Information Security, Cyber Security and Data Protection activities. In addition, the role holder will be responsible for maintaining the Information Risk Framework.
Key responsibilities include:
- Enhance the awareness, identification, management, reporting and mitigation of Information risk within the firm.
- Liaise with Information Security and Data Protection teams to ensure risks are accurately articulated and appropriate business and IT approval is sought where risks are being accepted or exceptions are being granted.
- Ensure material risks are identified and mitigated in line with internal controls systems and policy compliance.
- Work in conjunction with the Data Protection Officer and the Information Security Manager to provide assurance that the firm is fulfilling its obligations for holding and processing information.
- Contribute to the articulation and analysis of operational risk scenarios.
- Design and deliver Information Risk training to the business, when appropriate.
- Deliver one-off activities and projects to the outcomes and standards agreed with the line manager.
- Represent Information Risk at key management committee meetings, steering groups and Business leadership meetings.
The ideal candidate:
- Preferably an SME in Information Risk & Controls, ideally from a financial services background with PSD2 knowledge. We welcome applicants from areas outside of financial services who have experience of designing, implementing and embedding a safe and secure environment.
- Diverse background across information security, data governance, and data quality.
- Ideally prior experience in information security assurance, risk and controls, information risk and information risk governance.
- Technical knowledge and practical experience with FCA, PRA and ICO requirements and standards, including GDPR.
- Experience of establishing data identification, classification, ownership and security standards.
- Proven in challenging senior stakeholders and demonstrating ability to negotiate and persuade where necessary.
- IT literate with good knowledge of Microsoft Office packages, particularly Excel and Word.
- Have a relevant qualification such as CISSP, CISM or CISA. These qualifications are preferable but not essential.