IO Associates are helping an International organisation recruit a Head of IT Risk. The successful candidate will be directly in charge of the Information Security and Continuity activities, also collecting & reporting all necessary information about other IT operational risks.
Role: Head of IT Risk
Salary: £85,000 + Car Allowance + Bonus + Benefits
*Ensure mapping of local policies to group policies and regulatory requirements
*Document and maintain the IT Risk framework (policies, standards, procedures, guidelines)
*Identify and fill the gaps of the IT Risk framework
*Define concepts of risk appetite and tolerance and translate them into measurable indicators
*Consolidate risks via a taxonomy and exposure definition
*Management of 9 Risk Domains comprising IT Security, IT Continuity, IT Purchasing and Procurement, Compliance, Legislation, HR, IT Governance, IT Obsolescence and IT Execution Processes
*Identify, assess and evaluate IT risk to enable the execution of the enterprise risk management strategy.
*Develop an IT risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a IT risk-aware
*Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
*Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise's risk management strategy.
*Design and implement controls in alignment with the organization's risk appetite and tolerance levels to support business objectives.
*Maintain the IT Disaster Recovery Plan including annual reviews.
*Organize audits and reviews on IT systems
*Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
*Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
*IT Governance Framework
*Proven ability of implementing and maintaining robust IT Security systems.
*Experience of documenting clear policies and procedures.
*Good at clearly explaining security requirements and promoting security awareness.
*Strong knowledge of the current threat landscape and latest defence techniques.
*Strong understanding of the importance of common security technologies.
*Understanding of PCI-DSS requirements.
*Good understanding of common, high-risk vulnerabilities.
*5+ years in an IT Security or IT risk management role
*Experience completing risk assessments
Please get in touch for details.