This job has expired

IT Risk Officer

Employer: DCV Technologies Limited
Location: Borehamwood, UK
Salary: Competitive
Closing date: Mar 15, 2019

Job Role: Risk Manager
Sector: Finance
Contract Type: Permanent
Hours: Full Time

IT Risk Officer

Looking for an experienced IT Risk Officer to work alongside the IT General Management team to deliver the Group IT Risk and Governance Framework. As the IT Risk Officer you will engage with stakeholders and senior management, and support the implementation and controls relating to the good management of IT risks in the following areas:
• IT Security
• IT Continuity
• IT Governance
• IT Human Resource Management
• IT Legal aspects
• IT Sourcing / IT procurement
• IT Compliance
• IT Obsolescence
• IT Execution processes
• Shadow & Light IT
• IT Licenses
• Datacenters

Knowledge of CIS20 and the topics it contains, or equivalent, will be an advantage.

Key responsibilities:

• Implement and monitor the IT risk management system, with particular attention to the management of major IT risks, using standard tools provided by the corporate team.
• Perform the IT Risk Analysis, to identify and assess the risk to IT and applications in a reproducible and comparable way using the standard IT Risk & Cyber Analysis forms, tools and processes.
• Ensure reporting to relevant stakeholders for IT risk management, covering IT risks that have a "material" impact on the objectives or results and are of a nature that requires the stakeholder's attention.
• Identify the means and follow action plans to respond to IT risks, by ensuring the completeness and exhaustiveness of the action plans, ensuring the follow-up of progress, and regularly updating the status of each IT risk in the corresponding logs.
• Manage the acceptance of IT Risks, ensuring that the non-tolerable IT risks are formally accepted by the relevant stakeholders, and monitored following the defined process.
• Implement the Permanent Control activities by executing or delegating the controls of the Group control plans and gathering the evidence.
• Analyse the results of the controls to identify specific risks and register them into the IT Risk Register.
• Organize and manage the IT Risk committee in order to provide the local CIO and COO with an exhaustive view of the IT Risks status.
• Integrate the risks identified by the IT Security Maturity Evaluation (NIST assessment) into the IT & Cyber Risk committee to ensure that the roadmap of the Cyber program is in line with the objectives of IT & Cyber risks mitigation.
• Consolidate IT and Cyber risks to provide input to the Regional and Corporate ITROs.
• Manage recommendations issued by the Group's regulators and / or control functions in accordance with the objectives of risk coverage and planning.
• Monitor the conformity level for all IT governance rules with declaration of any non-compliance.
• Provide a factual and comprehensive analysis for significant incidents to help estimate the level of operational risk.
• Perform IT Risk Maturity Evaluation.
• Manage the IT Risk Mapping.
• Ensure communication and awareness on good IT risk management practices.
• Assist and advise the operational staff.

PERSON SPECIFICATION

Required Skills and Work Experience - Essential
• Knowledge of IT risk management and analysis methods
• Good knowledge of IT organizations and professions
• Relevant IT technical knowledge
• Experience with internal / external Security and Governance audits.
• Use of Corporate and Group tools related to IT Risk management
• Ability to conduct professional discussions face-to-face or on the phone
• Ability to adapt communication to material relevant to varying audiences (IT and non-IT), and the situation.
• Be educational and effective in communication
• Have the ability to provide advice / recommendation / judgment by taking a step back and looking at the overall picture
• Ability to identify and engage resources and coordinate their intervention, working in teams and / or across multiple teams.
• Ability to accurately evaluate a situation and facts
• An understanding of best practices for Incident handling, security investigation processes and techniques.
• Experience with the latest information security threats & vulnerabilities and appropriate countermeasures.

Desirable
• Experience with attack monitoring and Intrusion Detection (IDS/IPS), SIEM, Anti-Virus, WAF, Firewalls, Identity and Access Management (IAM), patch management, and encryption.
• Experience with, and in-depth understanding of security vulnerability tools, techniques, and standards used to conduct penetration testing
• Knowledge of regulations and frameworks related to IT Security and Personal Data Protection will be an asset
• A background of working on security awareness campaigns

Required Qualifications - Desirable
• An understanding of CIS20.
• Security related degrees and relevant industry qualifications such as CISSP, CISA, CISM, CIS20, CEH and OSCP, or equivalent.
