We support delivery of the business strategy whilst ensuring that our Business Units maintain their legislative, regulatory and contractual obligations and help them to meet and exceed the needs of our customers and employees while operating in a secure and safe manner. The Group Risk & Compliance team, working closely with the First Line teams, play a critical role, and bring expertise to shape, and ultimately ensure, we achieve our purpose and deliver our vision.

The Role
Reporting into the Head of Risk, the ISMS and Resilience Manager is a key role within the Group Risk and Compliance team. The role is responsible for the ISO27001 certification for our B2B division, and will work closely with the whole Risk and Compliance team, Cyber Security team, IT team, Facilities team, HR team, and other key stakeholders. The ISMS and Resilience Manager will also have a "dotted line" into the B2B Operations Director, and will work directly with the B2B leadership team as needed. The ISMS and Resilience Manager will simplify, develop and continually improve the Information Security Management System (ISMS), in line with the relevant legal, regulatory and organisational requirements. This is a collaborative role, which will help drive efficiency and effectiveness, and contribute greatly towards the management of one of our most high-profile risks: information security. Over time, the ISMS remit will grow broader than B2B, with good practice being applied to the rest of the business units.
The ISMS and Resilience Manager will have extensive knowledge of information security assurance and information resilience, together with sound knowledge of data privacy, risk management, and operational and business resilience. They will have the ability to apply, translate and communicate their subject matter expertise across a complex business environment. They will also support the Head of Risk by developing and implementing a robust resilience framework in line with the Group's strategic objectives and risk management framework. This key role will contribute at both operational and strategic levels.

Examples of what you will be doing:
- Leading and managing all the day-to-day activities required to maintain an effective Information Security Management System (ISMS).
- Embedding the risk management framework, bringing risks to the attention of the business, providing expert advice on mitigating actions and monitoring the business's adherence to the risk management policy. Collaborating to develop, maintain and promote the information risk and resilience components of the risk management framework.
- Holding regular ISMS management review meetings, following the set agenda as per the standard, taking minutes and making sure everyone is aware of their responsibilities for improvement actions.
- Maintaining a comprehensive account of the incidents and their resolutions, escalating these issues to management and relevant teams where necessary.
- Maintaining the versioning and release of ISMS policies and procedures as required by the standard.
- Conducting regular awareness and training activities to ensure ISMS is embedded across the business.
- Conducting 2nd line assurance, e.g. gap analysis, and supporting any internal audits relating to ISMS.
- Working with the Data Protection team to help ensure the confidentiality, integrity and availability of our personal data.
- Highlighting risk, issues, non-conformances and improvement opportunities proactively, and applying corrections and continual improvement actions.
- Supporting and hosting surveillance and re-certification audits for ISO27001.
- Performing, where required, business impact analyses on key systems and services.
- Helping to embed disaster recovery processes and controls to maintain the availability, integrity and confidentiality of personal data and key services.
- Ensuring that information security and resilience requirements are built into business change projects by design.