Manager, Information Security Risk

Company Description

Inmarsat has been at the forefront of global mobile satellite communications for over forty years, and is the market leading provider of voice and high-speed data communications for users on land, at sea and in the air through its constellation of 15 geostationary satellites.  Inmarsat is a privately owned company with a profitable track record and significant growth aspirations. This is represented by more than 55 nationalities in the workforce, reflecting the global and dynamic nature of the business. With an investment of over $3 billion in its latest network infrastructure, Inmarsat is at the forefront of global mobile communications innovation.

Chief Operations Office 

Inmarsat’s Chief Operations Office (COO) plays a vital role managing the services that keep our business running and delivering to our customers. COO consists of 9 functions including: Satellite Operations, Network Operations, Service Assurance, Service Delivery Aviation and Customer Assurance, Service Delivery and Supply Chain, Project Management Office, Global Cyber Security and Group IT

Job Description

Primary role purpose:

The SVP, Global Security and Cyber leads an agile organisation, which is responsible for Security Strategy, Governance and Risk Management; Security Architecture and Engineering; and Security Operations.

Inmarsat has implemented an Information Security Management System (ISMS) which is certified to ISO 27001 standard. The ISO 27001 is a risk-based standard: identifying and understanding information security risks is a pre-requisite for a successful implementation of the ISMS.  

Reporting to the Senior Director, Security Strategy, Governance and Risk Management, the Information Security Risk Manager will work be responsible for:

• Design and implantation of risk management frameworks;
• Information security risk management policies and procedures, standards, tools, and techniques for assessment of risk-mitigating controls;
• Risk monitoring, reporting and escalation through an integrated Information Security Risk Register.

The successful candidate shall be able to work independently, demonstrating initiative and autonomy, within an highly integrated team.

Role Responsibility

Operational

• Execute the end-to-end process to manage information security risks within Global Security and Cyber activities, including procedures design and implementation, coordination of deliverables, and escalating matters to management, as applicable
• Working collaboratively, and transparently with Security Risk Champions (SRCs) across the business to identify and assess information security risks in line with published information security risk management policy and procedures achieving consistency and efficiency in the risk management frameworks design and execution
• Track and maintain applicable deadlines, ownership, and follow-up with stakeholders
• Prioritize and manage multiple tasks and deadlines
• Perform data extracts and create analyses and impact reports for senior management
• Escalating to management and stakeholders, as applicable, potential exceptions, concerns, and delays in addressing risk remediation

Strategic

• Support the design and implementation of quantitative risk analysis
• Assist in development, execution and delivery of annual risk workshops with key stakeholders
• Assist in challenging and following-up on definitions of risks controls, controls testing and corrective action plans management
• Assist in documentation and submission of information and presentations for internal management committees

Leadership

• Develop and maintain relationships with key stakeholders across organisation
• Foster, promote, and uphold Information Security Risk Management culture at Inmarsat
• Actively participate in risk management working groups

Qualifications

Key Knowledge, skills and experience: 

• Demonstrable knowledge of Information Security Risk Management framework design and implementation, and processes oversight, including workflows and reporting
• Experience with effectively and efficiently executing and documenting planning, fieldwork, reporting and issue tracking/validation in connection with monitoring/testing design and operational effectiveness of controls
• Demonstrable knowledge and previous work experience of ISMS (ISO 27001).
• Understanding of Enterprise Risk Management principles
• Experience and proficiency with data collection, data analysis, data interpretation, and data quality
• Relationship building and interpersonal skills
• Comfortable and confident in leading change
• Highly Organised and able to manage multiple priorities
• Comfortable communicating at all levels of the organisation
• Support, influence and promote risk and risk management culture
• Ability to multi-task with a 'can-do' attitude
• Organized self-starter with good project management and communication skills

Desirable for the role

• Working knowledge of NIST Framework for Improving Critical Infrastructure Cybersecurity
• Understanding of Crisis Management and Business Continuity
• Hands-on experience of quantitative analysis for measuring and managing information risk (FAIR Methodology)

Qualifications

• The candidate will preferably be educated to a degree level or above in an Information Security related discipline. CISA, CISM, CISSP, ISO27001 (Lead ISO Auditor) or equivalent.
• Project management experience is advantageous.
• Data analytics skills and experience preferred.

Additional Information

You must be eligible to work in this location advertised.

Inmarsat Values: 

Our values define Inmarsat’s culture and represent what we believe in. Inmarsat employees aspire to certain behaviours which support our corporate values, they create a stronger working environment and lie at the heart of our continued success as an organisation.

• Customer – Providing a unique value to our customers
• Accountability – taking ownership, getting results and keeping our promises
• Respect – collaborating, embracing diversity and valuing differences
• Excellence – creating bold solutions for our customers and putting quality at the heart of everything we do

As an employer, we believe in facilitating a flexible working environment where possible while taking into consideration the operational requirements of an employee’s position and work unit.

Diversity:

Inmarsat warmly welcomes applications from suitably qualified and eligible candidates regardless of sex, age, race, disability, sexual orientation, gender identity, religion or belief, marital status or pregnancy and maternity.  Please let the Resourcing Team know if there are any ways in which we can support you in the hiring process.