Description
Company Overview
Cloudmigrate is looking for an experienced Cyber Security leader with strong experience in Risk Management and Information Security.
Role Overview
The GRC Lead will be responsible for building and running a Governance, Risk and Compliance function at a global organisation. The role is hybrid and you will be expected to be in the client office (London) once per week.
Day Rate - up to £650 per day outside IR35
Responsibilities
• Raise awareness of the value and business benefits of GRC throughout the organisation
• Define, develop, implement and maintain company policies and regulations to ensure compliance with legal and regulatory requirements
• Build and operate an effective Cybersecurity risk management capability to identify and manage risks to an acceptable level
• Conduct security benchmark assessments on an agreed cadence on a per school, region and global basis, and identify areas for improvement and systemic gaps
• Support improvement work and governance on the joiners, movers and leavers account management process
• Develop a culture of security awareness, including planning and delivering highly effective and engaging training material to staff and students globally. Track metrics and assess effectiveness through phishing assessments
• Conduct security assessments of vendors and suppliers, track findings and provide guidance to the business
• Provide assurance on the effectiveness of NAE key security controls
• Support the planning and delivery of strategic independent security assessments
• Create a secure design process so that new projects consider security requirements
• Represent Cybersecurity at IT governance meetings, including the Design Authority and Change Advisory Board
• Ensure ongoing compliance with industry security standards, including ISO20000 and PCI DSS
• Conduct M&A due diligence and post-merger integration work to ensure the risk of new acquisitions is understood and managed appropriately
• Support the CISO in defining and delivering the Cybersecurity strategy
• Provide security consulting services to internal stakeholders
• Support the Risk team with Cyber insurance renewals
• Provide KPIs, OKRs and other security metrics to support scheduled and ad hoc reporting activities
Education, Training and Previous Experience
• 5+ years of demonstrated experience and success in leadership roles in risk management and information security
• Experience successfully executing programs that meet objectives with excellence in a dynamic business environment
• Experience with contract and vendor negotiations
• A security mindset – always looking for weaknesses in existing systems
• Passion for Cybersecurity – demonstrated engagement in conferences, training and learning to keep knowledge up to date is highly desirable
Desirable:
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials
Technical and Business Experience
• Knowledge and understanding of relevant legal and regulatory requirements, such as PII and PCI DSS
• Knowledge of common information security management frameworks, such as CIS18, ISO/IEC 27001 and the NIST Cybersecurity Framework
• Sound knowledge of business management and a working knowledge of information and cybersecurity technologies
• Up-to-date knowledge of methodologies and trends in both business and IT
Knowledge and Skills
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information, cybersecurity and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
• Ability to lead and motivate the GRC team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
• Excellent stakeholder management skills
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives
• Project management skills: scheduling and resource management
• Mastery in influencing entities and decisions in situations where no formal reporting structures exist but achieving the desirable outcome is vital