Job Details
Advertiser: CBSbutler Ltd

Job Title: IT Risk And Compliance Manager
Rate: £60K to £70K Per Year    Benefits: Pension + Benefits
Description: IT Risk & Compliance Manager


SC Clearance required if successful

60-70KPA DOE

Fulltime - Permanent

Job description/Person specification

Specific Responsibilities

* The IT Risk & Compliance Manager is responsible for defining, implementing, supervising and improving the process and procedures for the IT department’s Risk Assurance frameworks.

* The position will support the business requirements to comply with government DAIS accreditation and industry standards including ISO 9001, ISO 20001, ISO27001 and 27002, SANS20, NIST800 and TickITplus.

* This role will lead the IT effort to identify risks to the safe and secure operation of the global IT estate and be accountable for their resolution and mitigation.

Key Accountabilities

* Achievement and maintenance of ISO 27001 certification for the company’s IT function. This will involve the definition, configuration and certification of an ISO27001 ISMS (Information Security Management System) and ISO27002 controls. The role also includes responsibility for the on-going management, maintenance and development of these management systems.
* Ensuring that the company’s IT function’s security controls and service capabilities are developed and maintained in line with industry standards and regulations, and the company’s corporate policy requirements. This also involves the testing of controls, measurement of their effectiveness, and reporting of the quality of the controls to management.
* Ensuring that the company’s IT function has a comprehensive and workable set of documented operating processes and procedures that are aligned to industry standards and the company’s corporate policy requirements. This involves producing and maintaining the local process, procedure and guidance documentation.
* Owning the IT Business Continuity plan and undertaking regular disaster recovery testing (planned and unplanned), documenting outcomes and improvements.
* Managing risks and the risk register by chairing regular risk review meetings and updating documentation where required.

Key Capabilities

* Initiates and tracks the development of all processes and procedures, and is responsible for their compliance to the appropriate standards.
* Supports teams in educating and training IT staff on agreed processes and in implementing them.
* Ensures all Information Security Management responsibilities are appropriately assigned and correctly executed.
* Coordinates day-to-day process execution, providing guidance to team leads and members where and when appropriate.
* Defines and operates assurance programmes which monitor compliance against policies and standards and drives closure of gaps.
* Establishes process measurements, provides monthly reporting, and is accountable for IT group process results, and their impact on functional activities.
* Chairs IT Strategy, Compliance & Accreditation and ISMS meetings.
* Where necessary provides advice and guidance into new opportunities for other business units, where IT has a role in delivery of services to external customers, ensuring that customer Service Level requirements are addressed appropriately.
* Works effectively and efficiently with minimal oversight, advises and provides guidance to other teams and team leads.
* Has a solid grounding in IT capability, process and ITIL best practice.
* Is able to recognise problems related to process and apply suitable corrective measures.
* Independently generates solutions, based on analytical skills and business knowledge.
* Challenges the validity of given procedures and processes, and provides enhancements, improvements or complementary solutions as appropriate.

Experience & Qualifications

* Understanding of IT departmental mission, vision, and of IT operations, ideally gained through 5 or more years IT/IS function management.
* Minimum of 2 years process development and management experience.
* Knowledge and understanding of ISMS and SMS certification processes (ideally, experience of the process of certification to both ISO27001 and ISO20000).
* Able to control own work priorities, work effectively alone and within teams, and communicate effectively at all levels within the business.
* Knowledge of ITIL best practice (at a minimum this should include an ITIL Foundation qualification, but ideally a Service Operations Lifecycle qualification as well).
* Experience (minimum 5 years) of information security management in a List X/government supplier environment, and knowledge of government requirements for systems security and accreditation is desirable.
* ISO 27001 Lead Auditor
* TickITplus practitioner.
Skills Required: Risk, Compliance, SC Clearance, IT Audit compliance
Job Type: Permanent
Start Date: ASAP
Contact: Abbie Levens
Contact Tel: 01737 821065
Reference: ALE/1164487 Added: 01-11-2017

IMPORTANT: For jobs based in the UK it is unlawful to employ a person who does not have permission to live and work in the UK. Please ensure you have this permission before applying, unless the advert states otherwise.