Governance and Reporting Manager
Salary up to £55k with benefits package
We are actively seeking the skills and experience of an experienced Governance and Reporting Manager to join a diversified international food, ingredients and retail group operating in 50 countries. As Governance and Reporting Manager you will work with the Head of Risk Assurance and Information Security, and have full responsibility for monitoring and reporting on the governance of Information Security and Functional Policies, Processes and Procedures throughout the group.
The role is responsible for running gap-analysis against, planning, designing and running the Governance framework. In addition, the role is responsible for the identification and introduction of suitable reporting mechanisms / metrics for use within the wider ABF group.
- Development and maturation of the group Governance Capability.
- Working with senior leaders and managers to embed Governance across the group.
- Champion governance throughout the group, working to influence all staff to view it as a Business as Usual function.
- Conducting gap-analysis of existing Governance Policies, Processes and Procedures with the aim of identifying areas of improvement.
- Provision of advice to senior leaders in order to enable the production of Governance Policies, Processes and Procedures to address identified gaps in Governance capability.
- Develop and maintain a rolling programme of Governance Policies, Processes and Procedures review and updating to ensure all documents remain relevant.
- Development and implementation of actionable security metrics / reports, further developing an appropriate reporting regime within the group.
- Development and maintenance of Governance, Risk and Compliance security score cards.
- Support and help develop the Risk and Compliance functions of the GRC team.
- Work with the Head of Risk and Information security to maintain the security documents (policies, standards and base guidelines)
- Act as the subject matter expect for Information Security within the group providing appropriate advice and guidance to colleagues
- Raise the profile of security by being proactively involved with colleagues. Provide consultation and/or education as needed.
- Support the enforcement of IS policies, through structured audit of the operating model and controls framework to test existing controls.
- Support investigations into problematic governance activity and provide structured report on findings, ensuring remediation actions are clearly owned and tracked.
- Develop a strong working relationship with the group security team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- A solid understanding of IS and functional governance frameworks within a global organization
- Adept at finding gaps in a governance framework and driving improvement.
- Adept at developing a Governance Framework to a high level of maturity.
- Sound understanding of security of systems, networks and applications, and associated risks.
- Experience of looking after a multidimensional business agenda of various day-to-day compliance matters.
- Experience of establishing credible relationships within IT and Business community with examples of driving risk and security initiatives.
- Experience in conducting compliance audits in a GRC environment, covering IS and functional teams.
- Energy, drive and influence to deliver.
- A practical pragmatic and hands-on approach.
- Proven stakeholder management and influencing ability with confident communication and reporting skills.
- Able to cope under pressure and manage a wide range of activities.
- Have experience of working within a security governance environment.
- Have experience defining and producing Security Metrics and dashboards using tools such as RSA Archer.
Knowledge & Experience
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
- A strong understanding of the business impact of security tools, technologies and policies.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Previous experience of working with legal, audit and compliance teams
- Strong team building, leadership, motivation and communication skills to work effectively
Please contact Sarah-Jane Taylor on 01908 886037 to discuss this role in further detail or firstname.lastname@example.org