Staines-upon-Thames, Surrey, United Kingdom, Permanent
Posted: 18 days ago
Description:
The Information Security Risk Manager works with the relevant business areas and technology teams to identify and assess security risks across the Centrica organisation.
The role holder will manage the security risk framework and ensure timely assessment and treatment of security risks.
While our offices are based in Staines / Windsor, we would be very happy to talk about flexible working arrangements.
Package: Negotiable base salary plus bonus, pension, healthcare and car allowance
Role accountabilities:
Develop and implement the Security Risk Management framework
Ensure security risks are identified, assessed and either treated or accepted in accordance with the risk appetite
Work with the business areas to understand their key security risks and agree the actions to mitigate (where relevant)
Ensure services are assessed and classified based on their Confidentiality, Integrity and Availability
Ensure periodic risk assessments of key services are performed and remediation plans are monitored
Understand the external security environment and emerging trends to support security risk management
Facilitate the quarterly review of the IT Risk submission to Enterprise Risk Management
Facilitate workshops with senior stakeholders from diverse backgrounds to determine cyber risks and assess their ratings
Develop communication material and reporting suitable for CxO level and senior leadership
Develop effective reporting for the CxO level and undertake briefings with technology and business leaders.
Competencies, Experience and Qualifications:
Experience in a Cyber Security function and demonstrable management experience within Cyber Security and Technology
Extensive knowledge of Cyber Security risk assessment methods, such as ISRAM, OCTAVE, etc.
Strong knowledge of information security technologies, such as identity and access management, encryption, and multi-factor authentication
Be able to model threat scenarios to identify cyber security threats arising from new or changing systems and applications
Experienced in managing small and medium-sized teams
Managed Governance, Risk and Compliance tools and methods
Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xx)
Ability to drive technical consensus and facilitate agreements with challenging stakeholders
Ability to understand business visions and strategy and anticipate the associated risks from a technology and security perspective
Effective management style, with strong communication (oral and written) and conflict management skills.