Head Of Assurance Programme - Info Security Risk
This is a career defining opportunity with a global financial services success story, in their Information Security Risk function, joining the management team as one of the first Scottish team hires, in the role of Head of Assurance Programme and Testing, Information Security Risk.
This lovely newly created role involves leading and managing ISR teams carrying out Assurance review activity as part of the Second Line of Defence global ISR Assurance Review team, which will provide assurance as to the effectiveness and maturity of the information security risk management framework throughout the business. Working alongside some of the industry’s finest you will liaise with Audit, and other 2LoD functions external to ISR such as Operational Risk, and will regularly deal with Global Business and Global Function stakeholders regarding reviews to ensure they cover all aspects of Information Security Risk.
Key responsibilities of this role include ...
- Leading Assurance Reviews of Information Security Risk in Global Businesses and Functions
- Working with the Head of ISR Assurance to provide input into the annual review planning process
- Liaising with Global Businesses/Global Functions over remediation of review findings, and review and agreement of actions
- Liaising with interested parties including Audit, and other 2nd line functions external to ISR such as Operational Risk
- Working with the relevant SMEs to ensure that Assurance Reviews cover all aspects of Information Security Risk
- Collaborating effectively with SMEs from a number of different ISR teams to deliver an effective Assurance Review
- Leading a virtual team based across a number of locations to conduct Assurance Reviews
- Managing resources from a number of teams through the matrix management structures of the ISR department
- Working with the global Assurance Review team to plan reviews, coordinate efforts and share best practice
We're looking for candidates with ...
- Minimum Bachelor's Degree and/or related experience in the Financial Services industry or global corporate service provider
- Professional Security Qualifications such as CISA, CISM, CRISC – preferable
- Good knowledge of Information Security Risk policies, standards and controls; and knowledge of ISR’s role within the three lines of defence and the Operational Risk framework
- Good planning and analytical skills
- Ability to assess the effective application of Information Security controls in the business
- Experience of dealing with senior management across Global Businesses and Functions
- Experience working in relevant environment/s, i.e. Information Security, IT Operations, Software Delivery, IT Audit, or Risk
- Ability to explain information security risks clearly and in non-technical language to the business and how these apply to them
- Ability to provide advice to areas that have been reviewed on how to address any identified information security weaknesses
- Good technical writing skills to allow the results of assurance reviews to be presented clearly, concisely and consistently
- Ability to build connections and work effectively with a virtual team of people across boundaries working on global assurance reviews
- Ability to assess the design effectiveness and operational effectiveness of information risk related controls
- An understanding of the Operational Risk framework, in particular RCAs, ICMPs and issue and incident management
- Strong interpersonal skills to build and maintain relationships with a wide range of people during the assurance review process, even when conveying difficult messages
- A flexible and adaptable approach to change, and a willingness to support others to respond in a similar way
This unique role will lead to fantastic longer-term opportunities in a successful, complex, sizeable global organisation in the financial services arena. Please contact us to discuss the role in confidence.
Adam Appointments is the only Scottish agency specialising exclusively in Corporate Governance recruitment.