Information Security, Risk & Governance Manager (3276)
United Kingdom - Remote
GBG
About GBG
GBG offers a range of solutions that help organisations quickly validate and verify the identity and location of their customers. Our market-leading technology, data and expertise help our customers improve digital access, deliver a seamless experience and establish trust, so that they can transact quickly, safely and securely with their customers online. We have over 1,000 team members across 15 countries and work with over 20,000 customers in over 70 countries. Some of the world's best-known businesses rely on GBG to provide digital services and keep the economy moving.
The Team
GBG’s Information Security team are accountable for GBG’s overall security posture, including all aspects of the Information Security Management System, security architecture, framework and standards compliance, security training, supply chain risk management, operational security and information security risk management.
The Role
The Information Security Risk and Governance Manager is responsible for managing GBG’s Information Security Risk, Compliance, and 3rd party due diligence functions within EMEA. They will be responsible for information security management systems and accreditations in ISO27001, Cyber Essentials Plus and PCI-DSS. They will manage a team of Information Security Analysts that support multiple business units across different geographies in EMEA.
What you will do
- Support the delivery of the GBG InfoSec Strategy.
- Manage and maintain a common compliance framework across the group that can align to GBG’s compliance and internal audit requirements.
- Manage and maintain the Security Awareness programme.
- Establish and manage an asset management framework.
- Manage and maintain effective InfoSec Policies, Standards and Procedures.
- Support procurement, legal, audit, contract and vendor negotiations.
- Establish and manage Information Management systems such as ISO27001, CIS, Cyber Essentials, NIST CSF and PCI (Payment Card Industry / Data Security Standard).
- Manage and maintain a comprehensive Information Security Risk framework.
- Attract, retain and lead a team of employees by educating, developing and managing them.
Requirements
- A background in technology and security is a must.
- A good working knowledge of the latest information technology security trends and emerging threats is essential.
- Experience of implementing risk management principles and methodologies within a security or technology function is essential.
- Experience of common information security management frameworks and standards, such as ISO270XX, PCI-DSS and National Institute of Standards and Technology (NIST).
- An understanding of cloud infrastructure technologies and associated risks would be beneficial.
- A working knowledge of relevant data protection legislation would be of benefit (DPA, GDPR).
- Relevant certifications - CISSP, CISM, ISO27001 lead implementor/auditor.
- Strong ICT skills including familiarity with Microsoft Office365 product suite.
- Excellent report writing skills and the ability to present and articulate complex data in a clear and intuitive way are essential.
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
- Excellent communication skills and ability to interact with and influence stakeholders across the globe.
- Good interpersonal skills, with the ability to interface effectively with a broad range of people and roles.
- Ability to prioritise work tasks in order to achieve objectives.
- Self-driven with a keen desire to develop and improve professionally.
- A team player who will drive and motivate a team, as well as build good working relationships with key stakeholders.
Benefits
We have a vision to have the best and most engaged team members in the industry. People matter at GBG, they make us who we are. Every team member across all our locations makes a difference, everyone has something to contribute. Maybe you too could make a difference.
As part of our commitment to our team and flexible working approach, we have created a Work When and Where You Want Policy to give our team members choice and empowerment, and to support a balance in work and home life. Please ask your Talent Attraction Specialist for more information on this and our Family Friendly policy if you want to find out more!
Next steps
If you’re interested, please apply! We’re looking to hire the best and most engaged people into our business and we’ll make an offer once we’ve found that person.
As an equal opportunity employer, we are committed to providing fair opportunities for everyone regardless of age, gender, race, religion, sexual orientation, parental status or disability. Everybody is welcome and our inclusion and diversity programme, be/yourself, is designed to ensure that you can thrive. Please inform your GBG Talent Attraction Specialist if you require any reasonable adjustments to the interview process.
Tags: Audits CISM CISSP Cloud Compliance GDPR Governance ISO 27001 NIST Risk management Strategy
Perks/benefits: Flex hours