Cyber Security Risk Manager

Location
Crawley, West Sussex
Salary
£60,000 - £80,000
Posted
18 Jan 2019
Closes
17 Feb 2019
Ref
CSRM
Employer Sector
Insurance, Travel & Hospitality
Contract Type
Permanent
Hours
Full Time
Travel
0-25% Travel

Our client is a global leader in bespoke customer experiences through loyalty and benefits. They are seeking a Cyber Security Risk Manager to join their technology audit and risk function.

You will be responsible for reducing cyber risk to the business, assets and reputation of the company by engaging with commercial and operational teams to advise and gain oversight of risk management performance.

The Cyber Security Risk Manager will work closely with key cross-functional stakeholders across IT, Enterprise Risk Management and relevant business groups to support the risk identification and management process across all aspects of cyber security.

Key Responsibilities:

  • Liaise with stakeholders in relation to cyber security issues and provide future recommendations
  • Assist with internal and external audits relating to information security
  • Support risk assessments across software and hardware platforms both on premise and cloud hosted including third party vendors
  • Support the definition and documentation of risks and potential impacts including mitigation proposals and recommendations, providing challenge where needed
  • Monitor risk exposures and performance against key metrics
  • Support decision-making and approvals around risk, and the preparation of key documentation and reports
  • Provide subject matter expertise as a 'security consultant' to ensure information security is embedded into initiatives
  • Support the business in tailoring IT security controls to meet risk requirements
  • Support due diligence assessments on third party service providers
  • Refine and develop dashboards and reports to continuously improve security situational awareness
  • Support the business in tender responses, customer assurance assessments and audits
  • Deliver security awareness training to all employees

Knowledge, skills & experience required:

  • Proficient in common cyber security domains: data protection, access control, encryption, identity management, security operations, application security, penetration testing, end-point security, vulnerability management, threat intelligence and risk assessment
  • Excellent understanding of information security concepts, protocols, industry best practices and strategies
  • Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
  • Familiar with common cyber security frameworks and standards such as the ISO 27000 series, PCI DSS and SOC 2
  • Interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
  • Professional certifications in information security such as CISSP, CISM or CRISC
  • Previous work within a cyber security function; ideally, experience in a second line of defence cyber security risk function