Information Risk Management Consultant

Reed Technology
55000.00 GBP Annual
13 Apr 2018
26 Apr 2018
A brand new and unique opportunity has arisen to join this award winning firm in Warwickshire.

An exciting opportunity has arisen to join the Information Risk function, based at the Head Office in Warwickshire.


1. Provide expert technical advice, support and assurance to risk managers and practitioners on their responsibilities and obligations under ISO 27001, data protection legislation and the PCI DSS, to ensure corporate and regulatory compliance with relevant legislation and best practice.

2. Collect, aggregate and analyse risk data from across the business relevant to the cybersecurity and privacy risk profile within the business in order to produce meaningful and timely Management Information to governance committees and the executive management.

3. Operate and maintain the enterprise wide Governance, Risk and Compliance (GRC) tool. Manage the quality of the information provided and support line managers to ensure that risk assessments are maintained, remediation plans are updated and action points closed.

4. Assess Third Party compliance with data protection and information security requirements and the associated risk profile to ensure information is protected when being handled by external suppliers and that the impact on the risk profile is understood.

5. Assess and manage security and data protection breaches, and any data subject requests, through to full conclusion.

6. Work with the 1st line IT and Cyber Operations security team to assess and report on system patch levels, malware protection and penetration test results, in order to reduce vulnerabilities, protect information, highlight system and network errors, detect potential and actual attacks and support investigations.

Recognised Information Security certification, e.g. CISSP, CISM or CRISC, to support practitioner experience; essential

PCI QSA; desirable but not essential

Recognised qualification in Data Protection, such as CIPP, CIPM, CIPT or the ISEB (BCS) certificate; desirable but not essential

Degree or equivalent appropriate professional qualification

Experience and Knowledge
• Demonstrable knowledge of the Data Protection Act and GDPR legislation and its practical application within the business
• Demonstrable understanding of the ISF Standard of Good Practice and other security standards such as ISO 27001:2013 and the NIST frameworks
• Excellent understanding of PCI compliance requirements and their practical application within the business
• Demonstrable experience of operating a policy compliance and exceptions framework in a 2nd line assurance function
• Demonstrable experience of incident management from a security and Data Protection perspective
• Excellent communication skills (written, oral and presentation)
• Demonstrable experience of information analysis, interpreting complex issues and offering appropriate advice on these topics to senior business stakeholders
• Knowledge of the UK Financial Services/Insurance industry preferable but not essential

Reed Specialist Recruitment Limited is an employment agency and employment business