Security Governance Manager - Cambridge or London - 85k + Package
A Security Governance Manager is required by a FTSE 100 company; the role can be based in either Cambridge or London.
It is an exciting time to join this global client (based in 30 countries with 130+ sites) who have embarked upon a ground-breaking programme of work to ensure their IT capabilities are not only able to support and integrate updated technologies, but can also offer insight into future IT tools that provide them with a competitive edge and improved operating efficiencies.
As they continue to enhance their information security function, they seek a Security Governance Manager, whose role it will be to lead the security team in day-to-day execution and compliance with prescribed methodology process, including project development, project initiation and facilitation, project plan development, risk and issues management, quality planning, and communications planning.
This is a rare opportunity to implement security at every level, across a global organization.
Owns, on behalf of the CISO, the definition and maintenance of the Cyber Security Strategy for the Group, and associated security policies, procedures, standards and implementation roadmaps.
In conjunction with the Group Risk team, defines, implements and operates the risk management activities (risk assessment, gap analysis, business impact analysis, etc.) in regard to cyber security and information security risk.
Defines, implements and drives the compliance regime to ensure that the security policies and standards are being adhered to.
Responsible for the definition of security metrics and their routine collation and presentation to the CISO and senior leadership.
Monitors the trends in external legislation and regulation relating to cyber security, and assesses the potential impact for the business.
About your skills and experience
Knowledge and experience of information security controls, vulnerabilities and threats to be able to effectively assess information security risks.
Knowledge and experience of ISO 27000 security standard ensuring an effective, integrated approach to information security controls for mitigation of information security risks to the business.
Experienced in the selection and implementation of appropriate security controls and governance strategy.
In-depth knowledge of Information Security Governance principles with demonstrable practical experience of supporting security governance frameworks within a complex organisation.
Demonstrable experience in the creation of high-quality information security policy frameworks.
Demonstrable professional development.