Information Security Officer

Posted 24 June 2022
Salary 550.00
Location United Kingdom
Job type Contract
Discipline Cyber Defence
Reference 33003
Contact Name Jade Heseltine

Job description

Information Security Officer - GRC, to join a forward-thinking and transformational GRC team. The role provides a business interface, technical translation and effective communication to the wider Information Security function, building relationships and steering the global organisation as it works to maximise productivity while reducing risk and improving its security posture.

The role will additionally lead and drive the optimisation of my client's customer assurance process and improve the customer-facing security posture.

Reporting to the Infosec Manager - GRC, with wider contact and working relationships across the SOC, Enterprise Security and Product Security, the role includes day-to-day GRC work: on occasion technical risk assessments, secure designs for projects, in-house security assurance and vendor risk management. It also carries specific responsibility for responding to customer assurance requests, which has a direct impact on business gained, and for leading the optimisation of the customer assurance process and the development of a strong, customer-facing security posture.

All of this will require direct liaison with business units up to and including senior risk owners, along with assessments of business units under the ISF Standard of Good Practice aligned to ISO 27001, including scoping, assessment, reporting and remediation advice and tracking.

REQUIREMENTS

• Proven experience of applying Information Security methodologies across the breadth of an organisation, preferably with in-house Information Security experience and preferably within a global organisation providing technical solutions to clients;
• Proven experience of customer assurance and vendor risk management processes, providing the face of information security to customers and clients and acting as the single point of contact for legal document reviews;
• Experience in prioritising and tailoring Information Security objectives and risk mitigations to business objectives;
• Hands-on experience with risk management frameworks or best-practice risk methodologies such as IRAM2 or ISO 27005;
• Excellent verbal communication skills, with the ability to translate technical information into business-relevant information, to develop and maintain close working relationships, and to present the need for security to all personnel from senior leaders to specialist roles in a manner that encourages positive engagement and demonstrates the benefits of security in improving performance and profitability;
• Excellent written communication skills, with the ability to articulate risks in both a technical and a business-relevant format, to develop training and awareness campaigns in a clear and concise manner, and to write policies and procedures in an understandable and unambiguous style;
• A developed theoretical knowledge of OWASP is required; experience reviewing solution designs to identify risks and ensure adherence to secure design principles is desirable;
• Knowledge of penetration testing methodologies and vulnerability management, with the ability (experience preferred) to scope penetration tests and to escalate test results or vulnerability reports into remediation plans or information security risks;
• Experience in incident escalation and management in any capacity, with knowledge of best-practice security incident management;
• A foundational security certification such as CISMP or Security+.