Cyber Risk Manager
The Audit and Risk Recruitment Company
The Audit & Risk Recruitment Company (ARRC) have been retained by Motability Operations to help them recruit a Cyber Risk Manager, a newly created and critical position that will lead on the embedding of cyber risk principles and frameworks across the organisation. This opportunity has come about as Motability Operations Ltd undergoes an enterprise-wide transformation in how it uses technology to engage with its customers.
Governmental benefit reforms have resulted in a marked change in their customer base, from one which has relied on more traditional forms of communication (postal services, landlines, etc.) to a more ‘tech-savvy’ demographic who want to access their accounts and communicate digitally.
This role will report into the Head of Risk and Compliance and is a very high-profile position that will likely have responsibility and oversight over the building out of a new team. The base salary is up to £100,000 + 20% bonus + 15% pension contribution.
Cyber Risk Leadership
- In your role as a 2nd line of defence risk manager, demonstrate the skills, experience and gravitas to effectively interact and challenge technical 1st line teams to ensure the cyber risk framework implemented is meeting the required standards.
- Be a champion for the business’s cyber risk capability; providing business risk expertise in helping shape the future control environment for digital developments and the associated cyber threat landscape.
- Co-operate and collaborate with 1st line colleagues from within business systems and other key business functions to ensure a common understanding and application of cyber risk management practices.
- Assess and provide advice and support relating to the cyber risk strategy, target state and roadmap in collaboration with key business stakeholders and the Cyber Security & Resilience Team.
- Work with business systems to shape approaches to managing cyber risk to ensure strategic business objectives are met and sufficiently protect the business from cyber threats (both internal and external).
- Ability to translate technical security concepts and threats into business language to enable broad understanding and buy-in of senior stakeholders.
- Raise awareness of cyber risks and develop the skillsets, approaches and processes to manage them across the business.
- Potential to build a small team of cyber risk professionals as the business’s cyber risk requirements develop.
Cyber Risk and Policy Management
- Contribute to the development of strategies, policies, guidance and awareness of cyber risks and align these with the business’s strategic direction.
- Support and review the definitions of cyber risk appetite in collaboration with business stakeholders and assist in applying it on a day-to-day basis.
- Risk-assess security policies, assess compliance and appropriate management of exceptions.
- Represent cyber risk at the quarterly senior risk committees.
- Establish effective cyber risk compliance metrics and report effectively to senior stakeholders.
- Experience of IT / Cyber risk management and a deep understanding of the evolving internal and external risks / threats faced.
- Provide direction and guidance on the interpretation of cyber risk in day-to-day risk decisions on technical controls and architecture.
- Assist with checking compliance with applicable regulations, standards, policies and risk appetites and present relevant risk management approaches.
- Provide direction and guidance on security controls for cloud services (e.g. AWS, Azure, Google), container orchestration, CI/CD pipelines, DevOps, network infrastructure and critical information assets.
- Proven track record of leadership and demonstrable experience of defining security controls within varying cloud deployment models, cloud migration / adoption / integration in a role of similar scale and securing cloud environments and cloud systems, including certification and compliance.
- Experience in a similar role.
- Excellent relationship management skills both internally and externally across all levels.
- Relevant qualifications in information security would be a plus (CISSP, CISSM, etc.).
- Demonstrable experience of having influenced key stakeholders across an organisation.