Information Security Risk Officer

Picture More are currently looking to hire an Information Security Risk Officer to work for a global professional services firm in Leeds.

The Information Security Risk Officer will work closely with key stakeholders across IT, Enterprise Risk Management, and business groups to support the identification of risk and management process across all aspects of Information Security.

An ideal candidate will have the following skill set:

• Experience of risk identification and risk management and recommending mitigation plans for the business
• Experience providing 3rd party risk assurance
• Experience in technical risk management
• Experience in cloud security and risk, ideally arising from experience supporting cloud transformation and migration initiatives
• Knowledge of core IT infrastructure technologies and concepts
• Knowledge of data privacy requirements for information security
• CRISC, CISM, CISA or ISO27001 Lead Implementer certifications are desirable

Responsibilities:

• Monitoring risk exposures and performance of key metrics
• Lead Security risk assessments within projects, supplier engagements and IT change
• Review supplier questionnaires, identifying and managing potential risks
• Work with Suppliers to agree with remediation plans and track remediation activities
• Assisting in the development, maintenance and implementation of tools and processes to streamline Information Security Compliance
• Performing risk assessments across software and hardware platforms, both on premise and cloud hosted
• Developing and managing independent risk reporting
• Creating relevant documentation defining risk and proposing mitigation