This role is to support the development and implementation of a manual information risk management capability for all sensitive and business critical information assets.
Essentials of the role:
Practical experience of information security
Proven track record of implementing an information risk management capability
Practical experience of implementing an information risk management software tool
Experience of assisting non-technical users with identification of information
In-depth knowledge of a wide range of information security subjects and the industry standards, including ISO27001, required in order to protect data
In-depth knowledge of information risk management methodologies.
Ability to communicate and collaborate at all levels of the corporation, and externally
Ability to convey and explain complex technical information to non-technical staff
Practical experience of information asset discovery and data classification.
Practical experience of writing information risk management policy and associated documentation
Excellent written and verbal communication and presentation skills
Effective analytical and creative problem-solving skills
Confidence to make decisions where appropriate and to ask for assistance when necessary
Understanding of the importance of information security to business
Expected to organise own workload within the parameters and timescales set by management.
Ability to manage multiple tasks and workstreams effectively and prioritise accordingly.
Advanced Microsoft Excel skills
Be able to work on own initiative with minimal supervision.
Agile & flexible
Additional Desirables for Role
Previous experience with the creation/maintenance of Information Asset Registers across large organisations would be beneficial.
Broad infrastructure and technology background including demonstrable understanding of security
Experience working in an organisation with a distributed hierarchy and using multiple outsourced
Technical understanding and experience of enterprise network management and monitoring systems
Background in formal study of information technology, information security or auditing
Understanding of how information security strategy aligns with business and technology strategies
Formal information security qualifications such as CISSP, CISM or CRISC preferred but not essential
Free Job description Information Security Risk Management
Information Risk Management
Assist in designing, testing and implementing a risk management toolset to support the information risk management processes.
Assist in building a business as usual capability for information risk management.
Support the ongoing development of the information risk management processes.
Assist with the implementation and ongoing management of the manual processes for identifying, assessing, evaluating, responding to and monitoring risks for all sensitive and business critical
Ensure a gap analysis of the current information security controls is undertaken, in the context of the existing identified risks, to highlight specific areas of weakness so that they can be addressed by considering a prioritised list of recommendations.
Ensure all risk management activities undertaken by the ISGC team are co-ordinated.
Ensure information asset owners, data custodians, risk champions and other key stakeholders have the knowledge and guidance available to them to undertake their information risk management responsibilities effectively.
Produce regular management reports on the status of information risk across the organisation.
Training and Awareness
Develop a plan for the development of employee awareness of how identification and management of information security risks can be a positive process that can reduce the level of incidents.
Provide guidance and assistance to nominated individuals within each business area to assist them with the production and maintenance of the IAR for their business area.
Prepare relevant sets of risk ‘advice’ for common assets/platforms e.g. documents at home, portable media - creating a ‘knowledge base’ on the intranet for end users.
Develop training materials in conjunction with IS training & awareness specialists for relevant personnel and ensure they are readily available.
Organise and undertake training of relevant personnel
Ensure a communications plan for information risk management is properly implemented.
Assist in review of the information risk management (IRM) policy and assist in the development
Assist in the implementation of projects or programmes of work relating to information security policy, compliance and risk.
Collaborate on other projects in the IS improvement programme to provide consultancy and assistance as required.
Support junior members of ISGC in delivering information risk management capability
Ensure knowledge transfer to other members of the ISGC team.
This will be in order to identify and prioritise risks and put in place action plans for remediating risks to an acceptable level, balancing the operational and economic costs of protective measures.
This will ensure that information risks are managed effectively with responsibilities assigned for ensuring security controls are implemented effectively and provide assurance that risks are being treated appropriately.