Infosec Governance, Risk And Assurance Manager

About Us

Clear Channel Europe, a leader in the advertising world, boasts an impressive portfolio across 13 markets.

Driven by consumer trends, advances in technology and the engagement possibilities of digital media; the world’s oldest advertising medium is undergoing a massive wave of digitalisation.

Clear Channel’s mission is to create the future of media and our European Technology Team is at the forefront of this transformation. 

About the role

As Information Security Governance, Risk, and Assurance Manager, your primary responsibilities will be to provide support to the Head of Information Security helping them to ensure that the Information Security (IS) programme is aligned to the current business goals and objectives, and that IS risk is adequately managed and the performance of IS processes is on par with business expectations.

You will play an essential role in securing and maintaining ISO 27001 and other industry certification (as required) to enhance the security posture of the organisation and help it secure future business opportunities.

You will contribute to maintaining an adequate and proportionate set of Information Security policies and standard to establish “how good looks like” and help tracking and measuring how organisation delivers against those requirements.

Key Responsibilities:

You will be responsible for:

• managing IS risk register and facilitating ongoing dialog between key business stakeholders, risk owners, and risk treatment action owners to ensure all IS risk is adequately recognised, documented and managed.
• establishing and maintaining an adequate IS Awareness and Training programme to bolster our resilience to IS threats and help our employees to act as the first line of defence.
• identifying, documenting and tracking metrics (including Key Performance Indicators, Key Control Indicators and Key Risk Indicators) to help measure the performance of IS processes and controls in the support of established IS business goals and objectives.

Governance area:

• Strategic IS planning and forming associated programmes, roadmaps, initiatives and goals.
• Maintaining adequate IS policies and standards commensurate with business objectives and risk appetite.
• Establishing IS risk management modus operandi and defining associated processes and artifacts.
• Establishing, managing and delivering against an agreed IS education and awareness programme.
• Securing and maintaining IS certification for agreed standards, baselines and benchmarks.

Risk Management area:

• Maintaining the central IS risk register and acting as an initial point of contact for risk escalation.
• Supporting stakeholders in carrying out IS risk assessments, analyses, and Business Impact Analysis (BIA).
• Monitoring execution of agreed IS risk treatment actions timely escalating non-conformance.
• Carrying out ongoing horizon scanning for emerging IS Risk and treatment opportunities.

Assurance area:

• Identifying, documenting, and tracking performance metrics adequate to monitoring IS strategy execution.
• Designing, maintaining, and publishing (at agreed intervals) IS performance scorecards and dashboards.
• Providing operational support for IS-related audits and assessments (e.g., penetration testing, red teaming).
• Providing operational support for vendor onboarding and review processes involving IS elements

What we’re looking for

• Years of successful performance in the IS GRA field in a commercial environment.
• Line management experience.
• Good practical experience of establishing, maintaining, and implementing security policies and standards.
• Good practical knowledge of ISO 27001 / 27002 standards, including:

implementing, and documenting associated controls.

monitoring control adequacy and performance.

• Good practical knowledge of IS risk management practices, including:

knowledge of the ISO 27005 standard and associated methodology;

risk identification, analysis, evaluation and identifying risk treatment options;

maintaining risk registers and tracking risk treatment actions.

• Practical experience in tracking delivery of IS goals and objectives through:

common metrics such as KPIs, KCIs and KRIs; scorecards and dashboards.

• A demonstrable track of delivering successful IS education and awareness programmes.
• Practical experience in providing operational support for audits and assessments.
• Practical experience in vendor onboarding and review processes.
• Good practical knowledge of the following acts and their control requirements:

EU General Data Protection Regulation (GDPR);

UK Data Protection Act DPA (DPA).

What’s in it for you?

Our people are bonded by a humility and commitment to challenge the status quo.

We offer a great team to be a part of, a home for your individuality, as well as a place to bring fresh ideas and to grow and develop.

We have a fun and informal culture while also being a future-facing business that wants to make a difference. So, Bring you. Shape us.

• 32 days paid holiday (including BH)
• Hybrid working
• Company Pension Scheme and Life Insurance
• Access to cycle to work scheme, season ticket loans and a whole host of discounts across 100s of retailers
• Access to Simple Health Cash Plan
• Access to Clear Channels Learning Pot

At Clear Channel we believe in fairness and as an equal opportunities employer we work hard to foster an inclusive environment, a place you can truly be yourself and be treated fairly. We focus purely on skills and behaviours so if you'd like the opportunity to help us create the future of media, out of home, we'd like to hear from you.