Position: Director Information Security Policy & Risk Management
Montash are retained by one of the world's largest consumer goods organisations with revenues in excess of $70bn, a staff of 125,000 and operations in over 100 countries.
The company is heavily federated with numerous operating companies acting independently under the group.
The position in question is for the Director of Information Security Policy & Risk Management who will be responsible for a number of key initiatives within the Group CISO function, namely:
- Information Security Policy definition
- Global risk assessment
- GRC tooling
- Strategic consulting surrounding the global ISMS implementation.
The successful individual will be a proven leader operating within a global organisation and ideally will have been through an Information Security centralisation journey in the past.
You will manage a team of Senior Managers who head up each of the 4 key initiatives and as such you will be responsible for the end to end definition of the risk management strategy within global information security and will hold the team accountable to the delivery of said strategy.
Key deliverables include:
- Refinement and delivery of group wide, global ISMS implementation based around ISO27001 standards
- Management and oversight of enterprise risk assessments throughout all OpCo's globally
- Maturity of risk management tooling infrastructure
- Definition of group Information Security standards, policies and procedures
- Key liaison with internal/external audit, compliance and metrics and Information Security functions
- Chair of information risk management working groups with stakeholders throughout information security
- Provide Consultative advice on new risk management principles/methodologies to C level leadership
- Expert knowledge of information security management principles such as ISO27001/2
- 7-10 years' experience delivering risk management within a global environment
- MSc in Information Security
- Bachelor's degree in Computer Science or other related field
- Experience working in IT audit and controls environment
- Proven reporting to Senior Director/VP Level leadership
- Management experience of a minimum 5 direct FTE
- Vendor management exposure