Governance, Risk and Compliance Manager
£53,353 - £61,823
Full Time - Permanent
The Role
Cyber-attacks are increasing in sophistication, stealth, and destructiveness. The company is re-evaluating its security capabilities in the areas of threat prevention, detection, and response. As part of this strategic approach to cyber security, we are creating a dedicated Cyber Security Team within the university’s Information Services department.
Purpose of the Job
Under the direction of the Head of Cyber Security, the Governance, Risk and Compliance Manager leads the security assessment function in accordance with internal controls compliance, regulatory requirements and departmental policy and procedures. The Governance, Risk and Compliance Manager will develop and manage the risk management framework, control matrices, and all related dashboards, and will make recommendations for senior management consideration.
This position is responsible for compliance with the internal controls, regulatory and information security policies and procedures. The role holder works closely with internal/external auditors and regulatory agencies and will ensure that supporting documentation is available as applicable.
The Governance, Risk, and Compliance Manager line manages and develops the Governance, Risk, and Compliance Analyst within their team.
Key Responsibilities
- Support the Head of Cyber Security in developing and maintaining the Cyber Security Strategy, ensuring that it delivers against the University’s strategic aims.
- Define and deliver an IT Governance, Risk and Compliance Framework. Align the framework so that information technology supports business objectives, while managing risk and meeting regulatory compliance requirements.
- Responsible for the management and successful implementation of the Cyber Security Improvement Programme policy work packages.
- Responsible for assessing and documenting the compliance and risk posture.
- Lead on the communication and development of a cyber security culture across the institution, raising awareness and increasing the University’s understanding of security through the application of policy and practice. Ensuring that this is articulated in a way.
- Responsible for the creation, maintenance and delivery of a cyber security awareness campaign and training for colleagues that is understandable to a non-technical audience.
- Line manage, support, challenge and develop the Cyber Security Governance & Compliance team members.
- Define and deliver clear and actionable reporting metrics and dashboards regarding cyber security governance and compliance activities.
- Develop a strategy for audits, compliance checks and external assessment processes for internal/external auditors.
- Be responsible for vulnerability and threat risk assessment and prioritisation.
- Attend and actively participate in the IS Security Monthly Review.
- Own the risk log and produce a monthly security report.
- Build and maintain a strong working relationship with vendors and partners.
- Be responsible for ensuring that stakeholders understand and establish acceptable levels of risk, and recommend activities that will proactively reduce the potential for incidents.
- Manage budgets associated with governance, risk and compliance activities and ensure ongoing costs are captured in recurrent budgets.
- Provide project and operational budget reports as required.
- Support and advise on cyber security requirements for the development and delivery of new IT services.
- Make recommendations regarding the effectiveness of the security controls for the IT systems and services.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal requirements.
Essential and Desirable Characteristics
- Relevant IT management experience.
- Knowledge of current, new and emerging trends in industry/international information security related standards (e.g. ISO/IEC 20001, SOGP) and legislation/regulations (e.g. Computer Misuse, Data Protection, PCI DSS, GDPR).
- Experience of applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
- Experience in the principles, practices, tools and techniques of IT auditing.
- Experience in working with external partners for penetration testing.
- Experience in working in a large, challenging multi-site service delivery environment, preferably in HE.
- Experience of developing and implementing enterprise governance, risk, and compliance strategy and solutions.
- Demonstrable experience in developing security standards and guidelines based on best practices and industry standards.
- Knowledge and experience in working with Information Security / Cyber Security frameworks.
- Practical experience of managing a Cyber Security Team of subject matter experts.
- Knowledge and understanding in key areas including threat intelligence, incident management and security operations.
- Specific skills and knowledge of information security, data protection, compliance, related legislation, standards and regulations.
- Applied experience in cyber security programmes, audits, assessments, risk, remediation, or cyber security compliance management.
- Educated to degree level or equivalent experience.
- Relevant industry qualifications (e.g. CISSP, CISM, ITIL, etc.).
- Membership of relevant professional bodies.

If you are interested in the above position and would like to hear more about the role, please contact Dan on (phone number removed), or via email.