Senior Information Security Risk Manager

Senior Information Security Risk Manager
Hybrid: 1-2 days per week in Windsor for meetings / collab
6 months
£750 per day

In short: Senor InfoSec Risk Manager required to join a large utilities company in taking their cyber risk management capability to the next level. Primary focus can be on either risk or controls based on experience. Your remit covers the group and all of the respective business units undergoing an increase in regulatory requirements and external audits.

This role involves line management of 3 Risk Analysts.

In full:

Purpose

• Works with the relevant business areas and technology teams to identify and assess Security Risks
• Manages the Security Risk framework and ensures timely assessment and treatment of Security Risks

Accountabilities

• Develop and implement the Security Risk Management framework
• Ensure Security Risks are identified, assessed and either treated or accepted in accordance with the risk appetite
• Work with the business areas to understand their key Security Risks and agree the actions to mitigate (where relevant)
• Ensure services are assessed and classified based on their Confidentiality, Integrity and Availability
• Ensure periodic risk assessments of key services are performed and remediation plans are monitored
• Understand the external security environment and emerging trends and regulations to support Security Risk management
• Facilitate the quarterly review of the Risk submission to Enterprise Risk Management

Competencies

• Extensive knowledge of Cyber Security risk assessment methods, such as ISRAM, OCTAVE etc.
• Strong knowledge of Information Security technologies, such as identity and access management, encryption, and multi-factor authentication
• Understanding of power utilities, retail energy, and oil & gas industry trends and emerging threats
• Ability to draw upon external network to understand emerging Cyber Security threats and events
• Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xx)
• Ability to drive technical consensus and facilitate agreements with challenging stakeholders
• Ability to understand business visions and strategy and anticipates the associated risks from a technology and security perspective
• Effective management style, with strong communication (oral and written) and conflict management skills

Experience:

• Significant experience in a Cyber Security function and demonstrable management experience within Cyber Security and Technology
• Performed cyber Security Risk assessments following an industry recognised method such as ISRAM, OCTAVE etc.
• Modelling of threat scenarios to identify cyber security threats arising from new or changing systems and applications
• Facilitated workshops with senior stakeholders from diverse background to determine cyber risks and assess their ratings
• Performed management roles across Cyber Security and other Technology functions
• Managed small and medium-sized teams in a line management capacity
• Developed communication material and reporting suitable for CxO level and senior leadership
• Developed effective reporting for the CxO level and undertaken briefings with technology and business leaders
• Managed Governance, Risk and Compliance tools and methods

Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.