Head of Governance, Risk and Compliance - Info Sec - 12 Month FTC (London Area)
Position Title: Head of Governance, Risk and Compliance (GRC), Info Sec – 12 Month FTC
Reports to: Global CISO
Location: London
Summary of Position:
This position will report directly to the global CISO and also be responsible for managing a small in-house team who plan, schedule, monitor and report on activities relating to information/cyber security. The role will work in collaboration with Information Technology, Group Risk and Compliance, HR, Facilities and a number of third parties.
Key Responsibilities & Accountabilities:
- Support the Global CISO in maintaining and realising the cyber security strategy
- Take overall responsibility for information security risk and compliance
- Assume responsibility for the BMS Information Security Control Framework
- Produce and maintain the Information Security governance and oversight target operating model
- Produce policies and supporting governance material
- Take ownership for the Information Security Risk management processes
- Identify information security threats and work with technical teams to understand BMS exposure
- Provide specialist Information Security input to IT and business operations
- Ensure information security initiatives are up to date and security risks are identified and managed
- Investigate, analyse, and review Information Security breaches, including near misses, making recommendations for appropriate control improvements
- Build close relationships with key internal users, senior managers and external suppliers
- Coordinate security plans with third party vendors and ensure output from security services delivered by third parties is acted upon accordingly
- Responsible for management of cyber events, including notification, escalation, response and post incident review
- Adhere to company and regulatory policies and procedures, together with mandatory training requirements.
Information Security:
- Experience of managing information security services specifically in relation to service design and on-going management
- Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies
- Experience of Information Security risk management concepts
- Experience of Information Security transformation programmes
- Experience in building and supporting incident management frameworks.
- Experience of security frameworks such as NIST CSF/ISO-27001
Functional & Behavioural Competencies required:
- Proven leadership skills in a similar Information Security function
- Experience of nurturing and retaining talent
- Proven experience in information security
- Excellent writing and communication skills
- Proven experience in third party supplier and vendor selection and management
- Significant experience and success in managing multiple issues, problems and work streams with a clear ability to prioritise
- Good understanding of culture change techniques when implementing information security improvements
- Ability to consider the implications of process change and potential impact upon the strategies of the global business
- Ability to maintain the integrity of process and approach, as well as controls, for the whole incident management process including the ability to co-ordinate and manage major/highly sensitive investigations with potential for business wide impact/reputational damage
Personally demonstrate the five BMS values and ensure that team members are aligned with these:
- Accountable
- Entrepreneurial
- Collaborative
- Empowering
- Disciplined
Company: BMS Group
Location: London, UK
Employment Type: Part-time