DIRECTOR, INFORMATION SECURITY RISK MANAGEMENT

Job Overview Reed Specialist Recruitment is currently seeking a qualified candidate to take on a pivotal role in shaping the Information Security Risk Management framework for our prestigious client.
As the successful candidate, you will lead risk-related initiatives and manage risks identified through various IT and operational audits.
Your responsibilities will extend to developing team members, engaging with senior business stakeholders, and creating targeted risk assurance programs.
This global position allows for hybrid working, requiring occasional attendance at our Lisbon office.
As the Director for Information Security Risk Management, you will be tasked with the following.
– Leading risk-related projects – Sustaining ongoing testing and development of the Information Security Risk Management framework, while providing regular updates to stakeholders – Producing necessary risk reports – Collaborating with senior leaders within the team for training and guidance – Working with Business Units and stakeholders to ensure effective protection/risk transfer for business activities – Establishing a Supplier Risk Management Framework Key Responsibilities.
– Spearheading the development and integration of the Information Security Risk Management Framework, Risk Appetite Statements, and Risk Policies and Procedures across the organization – Collaborating closely with business and senior management to identify and manage risks aligned with the organization’s strategy and risk appetite – Offering strategic and tactical guidance to business decision-makers – Contributing to a robust governance structure and risk management across all business entities – Assessing the impact of emerging risks and regulations, and providing input for pragmatic solutions – Establishing a comprehensive risk reporting system and process – Assisting in remediating risks identified through established processes and procedures – Providing recommendations for remediation based on reviews and risk assessments – Assisting key business stakeholders in identifying and responding effectively to risk – Defining key risk and performance indicators (KRIs/KPIs) for evaluating risk management performance – Integrating business continuity and crisis management into the organization’s risk management strategies – Supporting the configuration of the TPRM & Risk Management solution for consistency with local processes – Assisting in reviewing third parties, including due diligence reviews – Performing reviews of vendor engagements, understanding the functions of effective third-party risk Qualifications.
– Bachelor’s Degree in Computer Science, a related field, or equivalent experience required.
If you hold a masters this would be a bonus – Experience of working in a multi cultural work environment – 10 years of experience within the information security domain managing Risk frameworks – Deep understanding and demonstrated experience of the end-to-end risk management lifecycle, including key components and their relationships with internal and external stakeholders – Experience in non-financial/operational risk – developing and implementing risk frameworks, policies, and procedures – Demonstrated experience leading risk management workshops, obtaining and synthesizing inputs from technical and non-technical stakeholders throughout the enterprise – Experience in conducting Third Party reviews is advantageous – Experience operating as part of a GRC program in alignment with common information technology management frameworks such as NIST, ITIL, ISO , etc.
– Security-related qualifications such as CISM or CISSP, CRISC are a plus If this of interest to you then send me your CV today.