to £65,000 + benefits
about 1 year ago
I am currently working on behalf of a very progressive and entrepreneurially led Insurance group who are looking for an individual to be responsible for the implementation of a proportionate, risk based IT governance framework across the group in order to successfully reduce risk, in line with appropriate risk parameters agreed with business.
Reporting to the Head of Information Security & IT Governance, they are initially recruiting this role on a fixed term contract for 12 months but with a realistic potential that the role will become permanent.
Key responsibilities include:
- Develop, construct and implement an IT Governance framework, working closely across the Group to improve overall maturity in the respective disciplines. Act as a subject matter expert, engaging external specialists as required.
- In line with the Business Strategy, develop and continuously maintain a strategic outlook across the Group, including risk management approaches, frameworks and technologies.
- Develop and maintain an appropriate IT Governance framework, including relevant documentation.
- Be responsible for and oversee PCI-DSS compliance across the business.
- Collaborate with the organisation's IT leaders, InfoSec, DPO, HR and Risk to ensure full legal compliance of the company's privacy and data protection policies, procedures and notices.
- Serve as the SME for best practice in the execution and delivery of IT Risk Management.
- Advise on and contribute to the design and implementation of appropriate first-line IT policies, controls and frameworks.
- Perform risk assessments for projects, processes, software and infrastructure as required.
- Ensure compliance with company and other relevant standards/regulations at all times.
- Raise awareness across the Group regarding IT Risk Management best practice and its developments, working with management to ensure the Group companies are adequately protected.
- Provide metrics and reporting as required.
- Maintain department risk registers (as applicable), providing evidence and commentary for controls, updates for mitigation actions and escalation as required.
Key requirements include:
- Strong and demonstrable experience of implementing IT Risk Management frameworks.
- A good appreciation of security, compliance and business continuity standards such as ISO 27001, ISO 31000 and PCI DSS.
- Excellent hands-on technical knowledge. Knowledge and experience of network technologies, and security tools such as vulnerability scanning and remote access technologies.
- Experience and knowledge of Data Protection.
- Excellent communication and interpersonal skills, both verbal and written.
- Strong analytical and problem-solving skills.
- Self-motivated and enthusiastic with the desire to meet or exceed targets.
Salary is entirely commensurate with experience but will reflect the significance of the role.
Please note that, due to the large volume of applications, if you have not received feedback within 28 days your application has unfortunately been unsuccessful. However, we may be in touch regarding similar relevant opportunities.