Free Job Descriptions


Information Security Risk Management job description

Job Summary-Information Security Risk Management job description

This role is to support the development and implementation of a manual information risk management capability for all sensitive and business critical information assets.  

Main responsibilities-Information Security Risk Management job description

Knowledge, Skills and Abilities-Information Security Risk Management job description

Essentials of the role:


Practical experience of information security

Proven track record of implementing an information risk management capability

Practical experience of implementing an information risk management software tool


Experience of assisting non-technical users with identification of information


In-depth knowledge of a wide range of information security subjects and the industry standards, including ISO27001, required in order to protect data


In-depth knowledge of information risk management methodologies.

Ability to communicate and collaborate at all levels of the corporation, and externally

Ability to convey and explain complex technical information to non-technical staff


Practical experience of information asset discovery and data classification.

Practical experience of writing information risk management policy and associated documentation

Excellent written and verbal communication and presentation skills












Effective analytical and creative problem-solving skills

Confidence to make decisions where appropriate and to ask for assistance when necessary

Understanding of the importance of information security to business

Expected to organise own workload within the parameters and timescales set by management.

Ability to manage multiple tasks and workstreams effectively and prioritise accordingly.

Advanced Microsoft Excel skills

Be able to work on own initiative with minimal supervision.

Agile & flexible


Additional Desirables for Role


Previous experience with the creation/maintenance of Information Asset Registers across large organisations would be beneficial.


Broad infrastructure and technology background including demonstrable understanding of security



Experience working in an organisation with a distributed hierarchy and using multiple outsourced support companies


Technical understanding and experience of enterprise network management and monitoring systems


Background in formal study of information technology, information security or auditing


Understanding of how information security strategy aligns with business and technology strategies




Formal information security qualifications such as CISSP, CISM or CRISC preferred but not essential


Free Job description Information Security Risk Management

Information Risk Management


Assist in the design, testing and implementation of a risk management toolset to support the information risk management processes.


Assist in building a business as usual capability for information risk management.

Support the ongoing development of the information risk management processes.


Assist with the implementation and ongoing management of the manual processes for identifying, assessing, evaluating, responding to and monitoring risks for all sensitive and business critical information assets.


Ensure a gap analysis of the current information security controls is undertaken, in the context of the existing identified risks, to highlight specific areas of weakness so that they can be addressed by considering a prioritised list of recommendations.


Ensure all risk management activities undertaken by the ISGC team are co-ordinated.


Ensure information asset owners, data custodians, risk champions and other key stakeholders have the knowledge and guidance available to them to undertake their information risk management responsibilities effectively.


Produce regular management reports on the status of information risk across the organisation.


Training and Awareness


Develop a plan for the development of employee awareness of how identification and management of information security risks can be a positive process that can reduce the level of incidents.


Provide guidance and assistance to nominated individuals within each business area to assist them with the production and maintenance of the IAR for their business area.


Prepare relevant sets of risk ‘advice’ for common assets/platforms e.g. documents at home, portable media - creating a ‘knowledge base’ on the intranet for end users.


Develop training materials in conjunction with IS training & awareness specialists for relevant personnel and ensure they are readily available.


Organise and undertake training of relevant personnel


Ensure a communications plan for information risk management is properly implemented.



Assist in review of the information risk management (IRM) policy and assist in the development




Assist in the implementation of projects or programmes of work relating to information security policy, compliance and risk.









Collaborate on other projects in the IS improvement programme to provide consultancy and assistance as required.


People management


Support junior members of ISGC in delivering information risk management capability


Ensure knowledge transfer to other members of the ISGC team.


This will be in order to identify and prioritise risks and put in place action plans for remediating risks to an acceptable level, balancing the operational and economic costs of protective measures.


This will ensure that information risks are managed effectively with responsibilities assigned for ensuring security controls are implemented effectively and provide assurance that risks are being treated appropriately.