DTS Risk and Functional Assurance Manager



Recruiter

Nigel Frank International

Listed on

11th April 2018

Location

London

Salary/Rate

£600 - £700

Type

Contract

Start Date

Urgent


Purpose Statement

* The Risk and Assurance Manager provides strategic and operational leadership and is accountable for managing the Risk and Controls framework for their area of responsibility

* Provides support and required reporting to the Head of DTS Risk and Functional Assurance by partnering closely with Enterprise Risk Management, other risk and functional assurance teams, DTS stakeholders, Internal/External Audit, and with other areas of the Information Security team.

Accountabilities

Demonstrates leadership through managing a team of Risk and Assurance practitioners to execute on the following:

* Manage audit finding remediation across Digital Technology Services (DTS)

* Manage, as Proxy, DTS Risk and Controls for their area of coverage

* Manages the GRC tool, and facilitates areas of DTS to enter risks in line with the Group Risk Assessment Matrix

* Ability to prioritise tasks and responsibilities in a dynamic work environment

* Ability to present DTS risk and assurance subjects clearly to both technical and non-technical audiences

* Implement and manage a risk and control framework with KRIs, KPIs, and KPXs for their DTS coverage area

* Develop a DTS risk and assurance calendar, inform relevant parties and drive execution across all teams and stakeholders

* Support with information security assessments in relation to compliance requirements and standards

* Design and implement logical risk and controls enhancements at both the corporate and project level with a focus toward established processes. Manage any projects that arise from the implementation of new enhancements.

* Report compliance and risk assessment dashboards to DTS leadership and other internal/external stakeholders in a timely manner and move towards real-time reporting.

* Own and oversee risk/issue logs, and follow through on timely updates to keep logs an accurate representation of the DTS environment.

* Facilitate risk and controls review meetings with DTS leadership and escalate risks to ensure mitigation or acceptance

* Plan, coordinate and oversee day-to-day delivery of DTS compliance, risk and control assessment and governance initiatives

* Identify opportunities for DTS process improvement through controls simplification and standardisation

* Knowledge of IT general controls such as change management, access management, incident management, and asset management.

* Ensuring that all risk and control assurance activities are aligned to applicable policies and standards and best practices

Competencies and Qualifications

Competencies

* Candidate must be an effective communicator capable of collaborating and building credibility with others who serve as key stakeholders or subject matter experts

* Solid understanding of, and ability to apply, commonly used concepts, practices, methodologies and procedures in information technology governance, risk management and controls assurance

* Strong resource management, planning, and project management skills.

* Ability to effectively interact with personnel involved in policy, technical, operational, and program management work.

* Possession of at least one of the following professional qualifications: CISSP, CRISC, CISM, CISA.

* Solid understanding of Information Security Forum (ISF) controls framework and NIST Cybersecurity Framework

* Proficient understanding of GRC processes, tool implementation and usage

* Strong knowledge of IT and information security concepts, management and tools

* Demonstrates strong organisational awareness and a collaborative attitude in order to build successful relationships and lead teams that will be dispersed across geographies

* Ability to influence diverse stakeholders to address identified risks, with excellent stakeholder management skills

* Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls (e.g. International Organisation for Standardization (ISO) 27000, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Cyber Essentials, Centre for Protection of National Infrastructure (CPNI), OWASP Top 10, SANS Top 20 Critical Controls, Information Security Forum (ISF))

* Understanding of applicable regulations and contractual requirements relating to information security in UK, Europe and North America

* Understanding of cyber risks associated with the roll-out of smart metering in the UK, the Smart Energy Code (SEC) and associated security aspects

* Understanding of power utilities, retail energy, and oil and gas industry trends and emerging threats

* Ability to understand dependencies between business requirements and processes, technical systems, regulatory requirements and compliance regimes

* Strong investigative, analytical and problem solving skills, with high learning agility

* Demonstrated critical thinking and applied conceptual thinking and contextual analysis abilities

* Effective leadership style, with highly developed communication (oral and written), conflict management, and effective influencing skills

* Facilitates meetings of peers, clearly articulates issues, enables discussion that leads toward resolution and communicates results to management
