This is a true opportunity to be involved in something from the start - the ability to influence and shape how we operate securely as a business, using next generation security tools and services.
This role will define the key business risks for BMI Group in the cyber and information security space, across business and industrial technologies, and work with colleagues to ensure those risks are managed.
You will be responsible for:
- Managing a small team of information security consultants to deliver effective cyber security governance, risk management and compliance activities
- Managing the cyber security risk management strategy, framework and approach
- Integrating cyber security risk reporting and aggregate reporting into an Enterprise risk framework as it develops within the Group
- In conjunction with Legal, identifying information management and protection laws and regulations and defining actions to ensure compliance
- In conjunction with the Information Security team, Business Partners and IT service delivery, developing strategies and action plans to drive controls improvement in areas where controls do not adequately provide compliance or manage risk
- Coordinating and tracking all security related audits, including the scope of audits, business units involved, timelines, and outcomes
- Liaising with Internal / External Audit partners, maintaining excellent relationships and providing transparency
- Leading the development and implementation of effective and pragmatic policies, standards and processes to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards
- Partnering with HR to define education and training plans and ensure they are implemented, so that BMI staff and, where needed, supplier staff are informed and able to make the right decisions when dealing with sensitive data or potential cyber threats
- Developing, documenting, and assessing appropriate measures and metrics
- Managing and regularly delivering a risk report that summarises cyber and information security risks for senior management
What you can bring:
- Proven track record of developing and delivering governance, risk and compliance or ISMS frameworks into fast paced, complex environments
- Experience delivering risk management frameworks, governance board presentations, enterprise security SOP & policy, and the design and delivery of employee security awareness training
- A clear ability to evaluate risks to the company and articulate issues simply and clearly, develop consensus, raise awareness, and recommend and help implement solutions
- Knowledge of common information technology management frameworks such as ISO / IEC 27001, ITIL, COBIT, and NIST
- Strong knowledge of cloud security requirements, such as the CSA or ENISA frameworks
- Broad understanding of relevant legal, regulatory and privacy requirements
- Passion for risk management and cyber security
- Excellent written and spoken communication skills
- Comfortable and effective in building partnerships with organizational leaders and influencing senior management
- Able to deliver to deadlines and manage expectations professionally
- Ability to work collaboratively and effectively with a cross-section of the Information Technology team and business organisations to implement information security standards and initiatives
This role will be based in our Tech Hub in the heart of Reading.