IT Governance Risk and Compliance Specialist
Sunbury on Thames, Surrey - 3 Days on site 2 days from home
1 Year Contract
£470PD Via Umbrella
You are the IT Governance, Risk and Compliance Specialist, accountable for the delivery of IT compliance and information security assessment products. You will maintain IT compliance services, reporting, governance and oversight for IT compliance and security assessment processes. You will operate in a dynamic and commercially focused environment, with the resources of one of the world's largest IT departments, and some of the world's leading IT vendors at your fingertips.
Your initial activities described below may change over time.
- As part of this Business Partner Security-focused role, you will take part in supplier contract negotiations, embedding information security requirements in our agreements.
- You will deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of a monitoring and response capability.
- You will track remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats.
- You will contribute to the continuous improvement of supplier assurance procedures, guidelines and frameworks to help perform supplier security assurance in a consistent, high-quality manner.
Team: You will grow and develop the capability of your team by helping them deliver the most Agile and commercially cost-effective solutions. You will not just lead, but "do". Our culture is exploring, thinking and doing, and you will live this every day.
Relationships: You will remain aware of evolving security risks and trends by building a rapport with team members both inside and outside of our client. You will contribute to the continuous development of the wider team by proactively improving the quality standards and efficiency of delivery. To succeed you'll need the ability to influence and inspire change in a positive, impactful way.
Governance and Compliance: You will provide technical expertise in support of IT compliance assessments and track the delivery of a series of assessment activities. Facilitating the delivery of a programme of activities as agreed with the service provider will be one of your main tasks. You will provide oversight in the context of compliance and security assessment activities, identifying areas of risk and making appropriate recommendations.
Technology: You have a passion for understanding and learning. You will bring good hands-on skills in key technologies, and an ability to rapidly assess and identify the potential of new technologies with a commercial mindset. A keen interest in emerging technologies and a desire to help shape our digital vision are essential.
Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.
- Ideally, you'll have a degree-level qualification or equivalent experience
- You will have information security or risk industry accreditation (e.g. CISM, CISA, CISSP, CIRM) or membership of a professional body (e.g. IISP).
Essential Experience and Job Requirements
- You will bring technical knowledge in IT compliance, security assessments, governance or reporting.
- You have proven experience in an information security and risk role, or similar, with highly advanced technical knowledge in your assigned specialism.
- You are familiar with IT&S, Digital Security and Risk functions.
- You have Big 4 consulting or technical consulting experience.
- You have experience of one or more new technology areas or ways of working (e.g. Cloud, Mobile, DevOps, Agile).
- You bring project management experience.
Due to the volume of applications, we regret that we can only respond to those meeting our above requirements.