Regional Information Security Risk and Compliance Manager
United States - Chicago Office
Dyson IT
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim is to create robust IT architecture, to manage data effectively and efficiently, and continue to grow our world-class team. A team that is strategic, enabling business acceleration, growth, and success.
Our Cyber Security team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security, and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
Key Responsibilities:
The Regional Manager, IT Security Risk & Compliance, reporting to the Global Senior Manager, IT Security Risk & Compliance, will be responsible for:
IT Security Risk & Compliance:
IT Risk Assessment:
Identify and assess potential IT risks within the region.
Analyse data and trends to evaluate the impact of IT risks on the organisation.
IT Risk Mitigation:
Develop and implement IT risk mitigation strategies and action plans.
Collaborate with department heads to establish IT risk reduction measures.
Compliance:
Ensure that the organisation complies with relevant industry regulations and standards.
Monitor changes in regulations and adjust risk management strategies accordingly.
Reporting:
Prepare and present regular reports on regional risk exposure and mitigation efforts to senior management.
Provide insights and recommendations for risk reduction and improvement.
Training and Awareness:
Conduct training sessions and workshops for employees to increase risk awareness and promote risk management best practices.
Dawn Raid Response:
Participate in the Dawn Raid Response Plan to address unannounced inspections.
Coordinate with Legal and other relevant teams during the incident.
Stakeholder Communication:
Communicate risk-related information to key stakeholders, both internal and external, as necessary.
Skills
With experience in a similarly dynamic, international role and complex organisation, you’ll have proven, authoritative knowledge of leading an IT function at global or regional level, working as part of a global matrix-managed team.
A highly self-motivated individual with a positive mindset and can-do attitude, and a strong believer in “Security as an enabler” to support business growth.
An exceptional track record of managing an IT Security Risk and Compliance team, encompassing a range of responsibilities including operational IT security, consultancy, implementation, and compliance.
With demonstrable experience of developing strong partnerships across management teams within complex businesses, you'll possess the strength of character and conviction to make tough decisions when required.
Practical knowledge and experience specific to enterprise information security (IT Infrastructure, Networks, Applications, Security controls, etc.)
Strong hands-on knowledge of industry standard frameworks (ISO 27001, NIST, ITIL, etc.), best practices (OWASP, CSA) and regulations (PCI DSS, GDPR, China Cyber Security Law, etc.)
Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
Ability to translate and distil complex technical information across all levels of the organisation as required for the audience.
Ability to effectively develop and manage all defined communication channels and relationship management with diverse and cross-functional stakeholder groups.
Ability to lead and manage a specialist-based, high-performing and multicultural team.
Candidate Requirements
Bachelor’s Degree in Information Technology, Computer Science, or a related field/science.
Considerable experience in the Information security/IT Governance, Risk and Compliance (GRC) area.
Industry security certifications such as CISA, CISSP, CRISC or ISO 27001 Lead Auditor.
Experience in implementing security controls, risk assessment frameworks, and programs that align to regulatory requirements.
Deep domain knowledge, ideally enterprise experience and global exposure, with a strong understanding of cloud computing.
Familiar with GRC tools such as RSA Archer, OneTrust.
Cloud solution provider certification such as AWS Solutions Architect, or GCP certified would be a bonus.
Excellent relationship skills - the ability to build positive relationships with both technical and business personnel.
Excellent communication skills in written and oral presentation material.
Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or any other dimension of diversity.