Head of IT Legal Regulatory Compliance - Sunbury - 6 Months - £1000 - £1200
This job has now expired; please search on the home page to find live IT jobs.
My client, an Energy Trading Company based in Sunbury, requires a Head of IT Legal & Regulatory Compliance.
Role synopsis
Cyber Security is one of my client's highest-priority Group Risks and is overseen by Digital Security & Risk (DSR). Digital Security & Risk is a team of approximately 150 FTE who work to protect my client's information and IT systems in collaboration with the wider company's business.
The Head of IT Legal & Regulatory Compliance plays a key role in the Governance, Risk & Compliance team within DSR. This global role is responsible for driving compliance with all IT legal and regulatory compliance regimes. These include: Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), new cyber security legislation, IT and security aspects of privacy legislation, and other regulatory requirements. The role holder works with and influences multiple IT&S service owners to drive compliance. The role holder also collaborates with stakeholders in a number of Group Functions such as Group Control, Group Legal and Data Privacy.
This is a new role due to the increasing volume of legal and regulatory requirements within cyber security and the wider IT environment.
Key accountabilities
Management of compliance team.
Set legal & regulatory compliance strategy, processes and tooling working closely with the Head of IT Governance & Requirements.
Influence Group-wide cyber security policies, standards and best practices in line with compliance requirements.
Drive SOX and PCI DSS compliance activity including planning, scoping, management assessment and liaison with auditors/assessors.
Define and lead execution of activity required to allow the company to work towards compliance with new cyber security and privacy legislation globally.
Lead and manage all IT external audit activity across the Group.
Lead Ethics & Compliance for IT&S in line with Group requirements.
Produce high quality compliance deliverables for consumption by various Group-wide senior stakeholders. This includes IT&S Due Diligence reporting.
Represent IT legal and regulatory matters at IT&S Governance forums as required.
Manage senior stakeholders in sectors and other Group Functions such as Group Control, Group Legal and Data Privacy.
Maintain IT compliance status and identify actions and owners required to address gaps.
Monitor market trends and liaise with third parties including industry peers, vendors, governments and consulting firms to foster collaboration and leverage latest thinking.
Essential education
Current security qualification (CISSP, CISM or equivalent e.g. Full membership of the IISP)
Degree level qualification.
Essential experience and job requirements
Experience of implementation and operation of legal and regulatory compliance services in a large, multinational organisation.
Experience of managing security, compliance or audit teams.
Security and IT compliance experience covering IT processes, cyber security, internal controls over financial reporting and PCI DSS.
Experience of managing external audit relationships.
Excellent written communication of technology, cyber security and business issues up to Board level in major corporations with clarity, focus and high impact.
Experience of stakeholder management with government institutions.
Ability to deal with and influence multi-cultural groups of stakeholders and to work Group-wide across functions and segments, across reporting lines.
Track record of building networks with other teams to enhance effectiveness.
Directly and indirectly manage teams of permanent and contract staff.
Excellent attention to detail.
Desirable criteria & qualifications
RSA Archer and/or SAP GRC experience.
Internal or External Audit experience.