Digital Security Delivery Manager GRC

Job Description

Job title: Digital Security Delivery Manager - GRCJob location: London (fully remote)Industry: gas & oilEmployment type: contractDuration : 9 months (with extension)Salary: £ 550-600 per dayThe opportunityWe are looking for experienced Governance Risk and Compliance Lead who has the understanding of Cyber Security, GRC (Governance, Risk and Compliance) and IT controls assurance. You will work as part of the GRC Measurement & Reporting team to evolve existing ways of working to put in place a modernised IT controls verification process that allows stakeholders/control owners to be able to view the status of their IT controls and Cyber Security position in an easy to consume manner, which aims to enable better decision making into prioritising and remediating any issues. You would be assessing, recommending and implementing improvements in an effective manner that enables teams to make decisions, rather than creates more work or complexity.What you have* Engaging with technical and non-technical stakeholders and translate technical risks into clear business language* An understanding of risk concepts and terminology.* Exposure to risk assessments and involvement in managing remediation efforts.* A demonstratable good grasp of technology and supporting processes with knowledge of industry recognised frameworks e.g. ISO27001, NIST, CIS.* Exposure to audits and due diligence requests as well as the management of security policies and standards.* Supplier engagement and understanding supplier provided service risks.* Working with and producing metrics and presentation packs for risk forums and committees.* Keen to learn and develop your skills within Cyber and IT Security.* Have an excellent grasp of the technologies used to deliver cloud-based services, digital web-based services and in particular, the security controls needed to protect these services and the data that they process and store* A clear understanding of Information Security, Risk and Compliance Management and experience of working with security audit techniques.* Experience and understanding of Threat environments* Relevant industry qualifications and accreditations e.g. CISA, CISSP, ISO27001 Lead Auditor, CCP SIRA / IA Auditor preferable.Key Accountabilities: * Oversee assessments of IT systems, services and IT Security controls to provide an independent view of the effectiveness in alignment to with Security Policy and IT Security standards.* Work with the relevant teams to support the creation of documentation, including drafting procedures and processes, relating to the assessment and measurement of IT and Cyber controls, to ensure that requirements are reflected.* Promote a mind-set of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME).* As part of the M&R team, review and make recommendations on simplifying processes, how we test the effectiveness of Cyber and IT Controls and improve awareness and engagement into our team.* Communicate effectively with relevant teams and stakeholders to ensure they recognise the importance of security considerations and respond accordingly to changes in policy and procedure.* Supporting the implementation of a measurable view of IT and cyber controls posture.* Monitor and report on the delivery of security controls against requirements, using key performance indicators.* Manage delivery and life cycle of Cyber and IT Controls security testing processes, including working with our third part vendor, sharing assessment and verification information with senior leadership.* Ensure alignment with government and industry objectives and standards, proactively reviewing and assuring security risk and highlighting non-conformance in an easy to consume, measurable view.* Provide guidance to support the delivery of secure IT systems and the implementation of proportionate security requirements to enable business outcomes