Information Security, Risk & Governance Manager (3276)

United Kingdom - Remote

Applications have closed

GBG

We offer a range of solutions that help organisations quickly validate and verify the identity and location of their customers.


About GBG

GBG offers a range of solutions that help organisations quickly validate and verify the identity and location of their customers. Our market-leading technology, data and expertise help our customers improve digital access, deliver a seamless experience and establish trust, so that they can transact quickly, safely and securely with their customers online. We have over 1,000 team members across 15 countries and work with over 20,000 customers in over 70 countries. Some of the world's best-known businesses rely on GBG to provide digital services and keep the economy moving.


The Team

GBG’s Information Security team are accountable for GBG’s overall security posture, including all aspects of the Information Security Management System, security architecture, framework and standards compliance, security training, supply chain risk management, operational security and information security risk management.


The Role

The Information Security Risk and Governance Manager is responsible for managing GBG’s Information Security Risk, Compliance, and third-party due diligence functions within EMEA. They will be responsible for information security management systems and accreditations in ISO27001, Cyber Essentials Plus and PCI-DSS. They will manage a team of Information Security Analysts that support multiple business units across different geographies in EMEA.


What you will do

  • Support the delivery of the GBG InfoSec Strategy.
  • Manage and maintain a common compliance framework across the group that can align to GBG’s compliance and internal audit requirements.
  • Manage and maintain the Security Awareness programme.
  • Establish and manage an asset management framework.
  • Manage and maintain effective InfoSec Policies, Standards and Procedures.
  • Support procurement, legal, audit, contract and vendor negotiations.
  • Establish and manage Information Management systems such as ISO27001, CIS, Cyber Essentials, NIST CSF and PCI (Payment Card Industry / Data Security Standard).
  • Manage and maintain a comprehensive Information Security Risk framework.
  • Attract, retain and lead a team of employees by educating, developing and managing them.

Requirements

  • A background in technology and security is a must.
  • A good working knowledge of the latest information technology security trends and emerging threats is essential.
  • Experience of implementing risk management principles and methodologies within a security or technology function is essential.
  • Experience of common information security management frameworks and standards, such as ISO270XX, PCI-DSS and National Institute of Standards and Technology (NIST).
  • An understanding of cloud infrastructure technologies and associated risks would be beneficial.
  • A working knowledge of relevant data protection legislation would be of benefit (DPA, GDPR).
  • Relevant certifications - CISSP, CISM, ISO27001 lead implementor/auditor.
  • Strong ICT skills including familiarity with Microsoft Office365 product suite.
  • Excellent report-writing skills and the ability to present and articulate complex data in a clear and intuitive way are essential.
  • Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
  • Excellent communication skills and ability to interact with and influence stakeholders across the globe.
  • Good interpersonal skills, with the ability to interface effectively with a broad range of people and roles.
  • Ability to prioritise work tasks in order to achieve objectives.
  • Self-driven with a keen desire to develop and improve professionally.
  • A team player who will drive and motivate a team, as well as build good working relationships with key stakeholders.


Benefits

We have a vision to have the best and most engaged team members in the industry. People matter at GBG; they make us who we are. Every team member across all our locations makes a difference, and everyone has something to contribute. Maybe you too could make a difference.

As part of our commitment to our team and flexible working approach, we have created a Work When and Where You Want Policy to give our team members choice and empowerment, and to support a balance in work and home life. Please ask your Talent Attraction Specialist for more information on this and our Family Friendly policy if you want to find out more!


Next steps

If you’re interested, please apply! We’re looking to hire the best and most engaged people into our business and we’ll make an offer once we’ve found that person.

As an equal opportunity employer, we are committed to providing fair opportunities for everyone regardless of age, gender, race, religion, sexual orientation, parental status or disability. Everybody is welcome and our inclusion and diversity programme, be/yourself, is designed to ensure that you can thrive. Please inform your GBG Talent Attraction Specialist if you require any reasonable adjustments to the interview process.

Tags: Audits CISM CISSP Cloud Compliance GDPR Governance ISO 27001 NIST Risk management Strategy

Perks/benefits: Flex hours

Regions: Remote/Anywhere Europe
Country: United Kingdom