Senior Compliance Manager

  • Location:

    London, England

  • Sector:

    IT

  • Job type:

    Permanent

  • Salary:

    Negotiable

  • Contact:

    Aaron Madray

  • Contact email:

    Aaron.Madray@experis.co.uk

  • Job ref:

    BBBH110837_1569852044

  • Published:

    2 months ago

  • Expiry date:

    2019-10-30

Senior Compliance Manager - London

Our client is a dynamic industry leader specialising in cutting-edge technology & industrial security controls, seeking proactive, security-minded individuals to join & develop within their business.

Purpose

To assess, audit & scrutinise the cyber systems resilience of major industrial operators against existing regulatory frameworks and, where necessary, make suggestions for change & further measures.

Responsibilities

  • Accompany the auditors during inspections and record findings
  • Conduct audit inspections of operators at random or on new audit request
  • Demystify subjectivity between the auditors
  • Manage the auditor pool by assigning, scheduling and prioritising audits, providing clear plans/instructions so that inspections are carried out on time.
  • Maintain a record of all audit inspections, managing the inspection reports, providing analysis and outcomes.
  • Provide scrutiny of audit reports, assessment reports, improvement plans and incident reports.
  • Support the drafting or review of the framework, policies, procedures and risk assessments where necessary for the client to operate as Competent Authority.
  • Engage with government bodies and attend forums and events to understand the threat landscape for the sector.
  • Escalate non-compliance and offer advice to support a balanced penalty process.
  • Collate and formulate a sector-wide risk view.
  • Record outputs and decisions from audits and meetings, including any incidents, which may form part of an enforcement process.
  • Provide compliance on the Smart Metering programme, including but not limited to: monitoring supplier compliance; monitoring the governance board; monitoring and contributing to any proposals for modifications/changes; developing briefings for the governance board; and sharing intelligence with OGD stakeholders.

Skills / Experience

Essential:

  • 3 years' minimum experience in security auditing/inspection.
  • Educated to Degree level or equivalent in a cyber, engineering or technology-based discipline or equivalent.
  • Hold one or more professional qualifications in ISO27001:2013 Lead Auditor, CISA or equivalent.
  • Must demonstrate that you have recent and relevant skills and experience in all the following areas:
    • Conducting audit inspections of environments for critical national systems, IT, IS, OT or national headline services;
    • Performing security risk assessments;
    • Writing and reviewing audit reports and Risk Treatment Plans (RTP);
    • Conducting security risk and audit analysis of associated critical systems, OT, Control Systems or headline services;
    • Implementing processes for dealing with and managing security incidents;
    • Knowledge of ISO27001:2013 or the IEC62443 series in critical infrastructure, and of the challenges faced when introducing security controls;
    • Effective and engaging communication, with experience working effectively with key external stakeholders; and
    • Either holding, or being able to achieve, SC clearance.

Desirable:

  • Certified to ISO27001 Implementer, GICSP, CRISC or equivalent
  • Experience of auditing in an ICS/OT environment
  • Knowledge of IEC62351 and/or NIST framework
  • Knowledge of and/or exposure to SEC and SMETS1/SMETS2
  • Coordinating incident response internally and externally