Cyber Risk Consultant
You will provide consultancy, support and oversight on cyber and technology risk management practice. Implementing, embedding and supporting the organisation's Enterprise Risk Management Framework (ERMF). It is an established and growing team, and there will be scope to help shape how we operate and the services we provide to a continually evolving business.
· Have a background in cyber / information security, IT Service Management, DevOps, or broader experience of challenging technology controls across the IT lifecycle in a risk or audit capacity?
· Enjoy working closely with stakeholders to build strong relationships and help them to understand the risk landscape as it applies to their world?
· Want to use your knowledge, MI and data to analyse the current risk environment to provide challenge, opinions and identify gaps?
· Want to keep expanding your understanding of technology and risk?
If this sounds like you, please apply.
WHAT YOU'LL DO
· Managing a variety of cyber/technology risk management related tasks and activities with minimal support, meeting expectations on agreed deliverables and timescales.
· Provide training and support to promote a clear and consistent understanding of risk management.
· Build relationships with risk peers, Senior Managers and Executives across the organisation, to share and implement best practice, and create a common understanding of risk management.
· Manage and influence key stakeholders in order to manage risk exposure.
· Continuously developing and maintaining technical knowledge and applying this in conjunction with business awareness in order to provide review and consultancy.
· Effectively implement and embed the Conduct and Operational Risk Framework in the business.
WHAT WE'RE LOOKING FOR
· Previous experience in a security risk role
· Proven track record of effectively and efficiently managing multiple risk management related tasks with minimal support, meeting expectations on agreed deliverables and timescales
· Stakeholder management and relationship building skills, particularly at a senior level with the ability to challenge and articulate independent opinions in a way that drives change and delivers results
· Ability to see the bigger picture and think wider than the immediate team to prioritise competing priorities / demands
· Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA) qualified.
· ISO 2700x Lead Auditor
· ITIL or ISO 20000 Professional / Auditor
· IT experience in one or more of the following areas:
o IT 1st line role either as security/technology technician, delivery or management
o IT 2nd line role - providing risk support, review and challenge to a security or IT functional area
o 3rd line role - auditing a security or IT functional area
· Undergraduate Degree or equivalent
· Institute of Risk Management qualifications
For more information and to apply please contact Craig at firstname.lastname@example.org or call 0131 473 4943.