Connecting to LinkedIn...

Connecting to LinkedIn...

W1siziisijiwmtqvmdkvmzavmtavndevmzevmzkxl3n0b2nrx3bob3rvx2pvynnfynv0dg9ux29ux2tlewjvyxjkxzgwmdu4mtgxlmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Director Information Security Policy & Risk Management

Job Title: Director Information Security Policy & Risk Management
Contract Type: Permanent
Location: North America,United States of America
Industry:
Salary: £100167.93 - £117844.62 per annum + Package
Start Date: ASAP
REF: DRISR_40258
Contact Name: John Winfield
Contact Email: johnw@montash.com
Job Published: over 3 years ago

Job Description

Position: Director Information Security Policy & Risk Management

Montash are retained by one of the world's largest consumer goods organisations with revenues in excess of $70bn, a staff of 125,000 and operations in over 100 countries.

The company is heavily federated with numerous operating companies acting independently under the group.

The position in question is for the Director of Information Security Policy & Risk Management who will be responsible for a number of key initiatives within the Group CISO function, namely:

  • Information Security Policy definition
  • Global risk assessment
  • GRC tooling
  • Strategic consulting surrounding the global ISMS implementation.

The successful individual will be a proven leader operating within a global organisation and ideally will have been through an Information Security centralisation journey in the past.

You will manage a team of Senior Managers who head up each of the 4 key initiatives and as such you will be responsible for the end to end definition of the risk management strategy within global information security and will hold the team accountable to the delivery of said strategy.

Key deliverables include:

  • Refinement and delivery of group wide, global ISMS implementation based around ISO27001 standards
  • Management and oversight of enterprise risk assessments throughout all OpCo's globally
  • Maturity of risk management tooling infrastructure
  • Definition of group Information Security standards, policies and procedures
  • Key liaison with internal/external audit, compliance and metrics and Information Security functions
  • Chair of information risk management working groups with stakeholders throughout information security
  • Provide Consultative advice on new risk management principles/methodologies to C level leadership

Qualifications:

  • Expert knowledge of information security management principles such as ISO27001/2
  • 7-10 years' experience delivering risk management within a global environment
  • MSc in Information Security
  • Bachelor's degree in Computer Science or other related field
  • Experience working in IT audit and controls environment
  • Proven reporting to Senior Director/VP Level leadership
  • Management experience of a minimum 5 direct FTE
  • Vendor management exposure

Social Stream

Latest News

W1siziisijiwmtcvmdkvmjkvmdgvmtmvmjkvmjgyl1vudgl0bgvkigrlc2lnbiaomjuplmpwzyjdlfsiccisinrodw1iiiwimzgwedewmcmixv0

Are PSLs a Blocker or an Enabler?

2017-10-02 11:00:00 +0100

The use of a Preferred Supplier List (PSL) was intended to support and strengthen relationships and performance between organisations and their third party suppliers. As the technical landscape continues to evolve at rapid rate recruitment and demand for new skills becomes more intense. Are PSLs still the solution or an obstacle to sourcing the right talent? The traditional PSL A dedicated list of partners intended to guarantee quality and availability ...

W1siziisijiwmtcvmdkvmjevmdgvndmvmduvmtmxl1vudgl0bgvkigrlc2lnbiaomjmplmpwzyjdlfsiccisinrodw1iiiwimzgwedewmcmixv0

Why do we punish the victims of hacking?

2017-09-21 09:00:00 +0100

Hacks occur every 39 seconds, with 95% of them targeting governments, retailers and the tech industry. If the hackers are caught, they'll face prison time under the Computer Misuse Act. More often than not, the businesses who are victims of those attacks expose themselves to punishment of their own. The laws that determine the duty of protection owed to businesses and their customers is both vague and broad, making them question just how much protection...