Information Security Risk Manager

Reed Technology
80000.00 GBP Annual
13 Apr 2018
26 Apr 2018
Job Type
Contract Type
A brand new and unique opportunity has arisen to join this award winning firm in Warwickshire.

An exciting opportunity has arisen to join the Information Security Risk function, based at the Head Office in Warwickshire.


1. Lead the 2nd line view of change projects, including new third parties. Security risks that are deemed high risk are presented to the risk committees so that the potential impact on the risk profile is understood.

2. Lead on Payment Card Industry (PCI) compliance and act as the day-to-day interface with the Acquirer and Qualified Security Assessor in order to ensure compliance with legislation; and provide a second line view of the strategic projects' PCI risks to present to risk committees.

3. Manage the Third Party compliance with information security requirements and the associated risk profile. Escalate to executive management when issues are identified that may adversely impact the risk profile or breach risk appetite to ensure the impact on the risk profile is understood.

4. Manage and utilise the enterprise wide operation of the Governance, Risk and Compliance (GRC) tool to identify risk trends across the business, and oversee the analysis of risk data within the business in order to produce meaningful and timely Management Information for governance committees and executive management. Work with senior stakeholders to build strategies and develop processes that mitigate the impact on the organisation.

5. Define the Group's policies and risk frameworks for security and PCI so they are in line with current regulations and best practice; and monitor and oversee the maintenance of an enterprise wide exceptions register to policy compliance.

6. Provide expert technical advice, support and assurance to senior stakeholders, individuals and data owners in their responsibilities and obligations under the ISO 27001 and PCI standards to ensure corporate and regulatory compliance with relevant legislation and best practice.


• Recognised Information Security certification, e.g. CISSP, CISM, CRISC, to support practitioner experience (essential)
• Degree or equivalent appropriate professional qualification
• Data Protection qualification, e.g. CIPP, CIPM, CIPT, ISEB certificate (desirable, not essential)

Experience and Knowledge
• Expert experience of IRM within a 2nd line cybersecurity assurance function
• Expert understanding of cybersecurity risk frameworks and risk reporting
• Expert understanding of control principles and practices and familiarity with the ISF Standard of Good Practice, ISO 27001:13, NIST and other security standards including PCI-DSS
• User and manager level knowledge of GRC technologies and associated reporting modules
• Excellent written, oral, presentation and influencing skills to describe conclusions and recommend solutions
• Ability to apply and explain security requirements in a business and a systems context
• Experience in the formulation of and participation in change control processes, impact analysis and incident response programmes
• Knowledge of the UK Financial Services/Insurance industry (Desirable not Essential)

Reed Specialist Recruitment Limited is an employment agency and employment business