Cyber Security (Governance, Risk & Compliance) Lead

The West Brom

£80000

The West Brom, West Bromwich, Sandwell

  • Full time
  • Permanent
  • Onsite working

Posted 13 May

Closing date: not specified

Job ref: b45961090b2f4809996ea4742c29c3aa

Full Job Description

We are seeking a highly skilled and experienced Security Governance, Risk and Compliance (GRC) Lead to join our dynamic team. As the Security GRC Lead, you will play a critical role in establishing and maintaining an effective security governance framework, managing risk assessments and ensuring compliance with relevant regulations and standards. You will provide SME oversight for all Security Governance, Risk Management and Compliance aspects. Reporting to the Chief Information Security Officer (CISO), you will help the society clearly understand its exposure to cyber security threats by remaining current with the continually evolving information security threat landscape and using this to be 'threat-led' in relevant work.

  • Understand the business context and develop, implement and maintain a comprehensive security governance framework across all areas of the society.

  • Define, help implement and enforce security policies, standards and procedures.

  • Collaborate with key stakeholders to ensure alignment of security initiatives with business objectives, drivers and demands.

  • Risk Management:

  • Lead and conduct regular risk assessments to identify and evaluate potential security risks at a business function, process and technical level clearly articulating both verbally and in writing to key stakeholders.

  • Review the effectiveness of controls and countermeasures (in relation to known control frameworks as appropriate) and propose, develop and implement proportionate risk mitigation strategies and improvements.

  • Monitor and report on the status of identified risks to senior management, the society's information security forum and other governance committees. Chair security committees, as directed.

  • Compliance:

  • Ensure compliance with applicable laws, regulations and industry standards.

  • Stay current with evolving regulatory requirements and update security controls accordingly.

  • Manage and coordinate internal and external security control assessments and audits.

  • Security Awareness:

  • Develop and deliver security awareness programmes for employees.

  • Foster a culture of security consciousness throughout the society.

  • Incident Response:

  • Establish and maintain an incident response plan.

  • Lead incident response efforts, collaborating with relevant teams to contain and mitigate security incidents.

  • Security qualifications in relevant fields (e.g., CISSP, CISM, CRISC, ISO 27001 LI/LA) preferred.

  • Proven experience in security governance, risk management and compliance.

  • Strong understanding of relevant regulations and standards (e.g., GDPR, ISO 27001, NIST).

  • Excellent communication and collaboration skills, including interpersonal, written, verbal and presentation skills.

  • A minimum of 5 years of experience in security GRC roles.

  • Strong experience in a commercial industry such as financial services, banking or insurance.

  • Practical understanding of the technical aspects of cyber security (e.g., threat modelling, vulnerability management, penetration testing, protective monitoring).

  • Azure Cloud Security, Exchange Online, and MS Defender experience would be beneficial.

  • Knowledge of Conditional Access policies and confidence in preparing technical risk assessments.

  • Demonstrated success in implementing and managing security governance frameworks.

  • Track record of effectively managing security risk and ensuring compliance.

  • Understanding of regulatory requirements, standards and frameworks such as CQUEST, ISO 27001, and Cyber Essentials.

At the West Brom we appreciate that our employees are unique individuals with differing needs depending on their specific circumstances and stages in life. When we say our people are the West Brom's biggest asset, that doesn't mean just viewing them as employees. We are proud of our heritage and absolutely believe that the West Brom is a great place to work.