Head of Technology Risk/ Cyber Risk/ Enterprise Risk

My reputable client is looking for a leader to expand their 2nd line security function. If you are keen to know more, please get in touch!

About the job:

The leader (Technology and Cyber Risk) will take responsibility for leading the design, development and integration of an Information Technology Risk Management Framework within the Enterprise.

• This role will be accountable for designing and implementing a new IT Risk Management Framework leveraging existing IT and Cyber risk management and assurance practices. You will be working jointly with a newly established Enterprise Risk Management Framework (ERMF) team and will be the IT&S lead for integrating IT Risk Management into the ERMF.
• Lead joint planning workshops, direct departmental resources, manage internal staff and/or professional services and inspire a culture of risk management through IT governance forums and risk champions.
• Design, Describe, Advocate and Execute the IT Risk Management Program in corroboration with the lead for Technology and Cyber Governance, Risk & Assurance.
• Lead the development of an Information Technology Risk Management Framework that is interoperable within the company's Enterprise Risk Management Framework.
• Lead the design and development of a programme of works to implement the new IT Risk Management Framework including the Change Management Plan, Organizational Design, Technology and Processes required that are both feasible and suitable for the Club.
• Design, Describe and Advocate for IT Risk Management and apply the methods, standards, and approaches to Information Assurance (IA) frameworks, policies, and standards such as ISO27001, NIST Cyber Security Framework , Centre for Internet Security (CIS) and COBIT5.
• Advise and support the implementation of Technology and Cyber Security governance including technology and security frameworks, policies, and standards including relevant regulatory frameworks (eg PCI-DSS, China CyberLaw).
• Coordinate and collaborate with other Tech and Cyber Governance, Risk and Assurance functions such as the Cyber and Technology Risk Assessment Teams, the Cyber Awareness campaign

About the requirements:

• Degree qualification in Engineering, Computer Science or relevant disciplines.
• Minimum 15 years of work experience in information security, technology and risk management with consideration years of work experience in Technology Risk 2nd line of defence, IT General Controls, IT compliance and info sec best practices e.g. NIST, COBIT, etc.
• Strong presentation skill to broad audience and senior management.
• Self-motivated and be able to drive large scale of Security, Risk programme and maintain the highest standards of conduct and integrity and ensure compliance with accepted industry practices, company policies, regulatory requirement e.g. GDPR, PII, etc.
• Industry-recognised certification in information security, risk management or equivalent experience (CISA, CISM, CISSP, CRISC, ISO27000, ISO31000, etc.)