CLOUDMIGRATE

Cyber Security GRC Lead - Outside IR35

📅 Date Posted

Feb 05, 2025

💼 Job Type

CONTRACTOR

📍 Location

Greater London

💵 Rate

Unknown

Description

Company Overview
Cloudmigrate is looking for an experienced Cyber Security leader with strong experience in Risk Management and Information Security. The GRC Lead will be responsible for building and running a Governance, Risk and Compliance function at a global organisation. The role is hybrid and you will be expected to be in the client office (London) once per week.
Day Rate - up to £650 per day outside IR35

Responsibilities
- Raise awareness of the value and business benefits of GRC throughout the organisation
- Define, develop, implement and maintain company policies and regulations to ensure compliance with legal and regulatory requirements
- Build and operate an effective Cybersecurity risk management capability to identify and manage risks to an acceptable level
- Conduct security benchmark assessments on an agreed cadence on a per-school, regional, and global basis; identify areas for improvement and systemic gaps
- Support improvement work and governance on the joiners, movers and leavers account management process
- Develop a culture of security awareness, including planning and delivering highly effective training material to staff and students globally; track metrics through phishing assessments
- Conduct security assessments of vendors/suppliers; track findings; provide guidance to the business
- Provide assurance on the effectiveness of NAE key security controls
- Support planning/delivery of strategic independent security assessments
- Create a secure design process so that new projects consider security requirements
- Represent Cybersecurity at IT governance meetings including Design Authority/Change Advisory Board
- Ensure ongoing compliance with industry security standards including ISO20000/PCI DSS
- Conduct M&A due diligence and post-merger integration work, ensuring risk from new acquisitions is understood and managed appropriately
- Support the CISO in defining and delivering the Cybersecurity strategy
- Provide security consulting services to internal stakeholders
- Support Risk team with Cyber insurance renewals
- Provide KPIs, OKRs, other metrics for scheduled/ad-hoc reporting activities

Education, Training & Previous Experience
5+ years demonstrated experience/success in leadership roles in risk management/information security. Experience executing programs meeting objectives of excellence in dynamic business environments. Experience with contract/vendor negotiations. A strong cybersecurity mindset – always identifying weaknesses in existing systems. Passion for cybersecurity – engagement in conferences/training/staying updated is highly desirable.

Desirable:
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Control (CRISC) or similar credentials.

Technical & Business Experience
Knowledge and understanding of relevant legal and regulatory requirements such as PII & PCI DSS. Knowledge of common information security management frameworks such as CIS18, ISO/IEC 27001 and the NIST Cybersecurity Framework. Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies. Up-to-date knowledge of methodologies and trends in both business and IT.

Knowledge & Skills
Excellent written and verbal communication skills; interpersonal and collaborative skills; ability to communicate information security and risk-related concepts effectively across hierarchical levels, from board members to technical specialists.
Ability to lead and motivate the GRC team towards tactical and strategic goals, even under "dotted line" reporting lines.
Excellent stakeholder management skills.
Excellent analytical skills; ability to manage multiple projects under strict timelines while working well within demanding, dynamic environments.
Project management skills: scheduling and resource management.
A master at influencing entities and decisions where no formal reporting structures exist but achieving desirable outcomes is vital.
