Vacancy: Cyber and IT Risk Manager
The Purpose of the Cyber & IT Risk Manager is to complement and enhance Johnson Matthey's cyber security and IT/OT risk posture by identifying, assessing, analysing and communicating IT and cybersecurity risks, and both the existence and efficacy of controls relating to those risks. The role is responsible for ensuring that the organisation understands, prioritises and appropriately manages its cyber and IT risks, with clear ownership and action plans being defined and progressed.
Johnson Matthey, a FTSE 250 company, is a global leader in sustainable technologies, specialising in catalysis, precious metal products, chemicals and process technology. With operations in over 30 countries, we employ more than 13,000 people. Johnson Matthey uses science to make the world cleaner and healthier. Over the past two centuries we have built our reputation and place as a global leader through quality, integrity and innovation. Today more than 93% of the group's sales come from products and services which provide sustainability benefits through the positive impact they have on the environment, resource efficiency and human health, but that's not enough. We have ambitious plans for growth and need talented individuals to help shape and lead us into our next century.
Your responsibilities:
- Develop, implement, schedule and drive a cyber and IT risk management program which includes regular assessment, prioritisation and review of remediation and mitigation activities, with clearly defined management ownership.
- Ensure that the risk management program is aligned with business priorities and risk appetite, assessing and clearly communicating those risks in a non-technical, easily digestible manner that ensures all stakeholders can make informed decisions on these risks.
- Ensure that risks are assessed, recorded and communicated at the appropriate level of detail for both the audience and their effective mitigation, including maintaining a clear view of the linkages to enterprise-level (principal) risks and what actions drive a reduction in those risks. Ensure a clear risk hierarchy.
- Engage with senior leaders across both IT and business units to drive pragmatic action plans for mitigation, including supporting the development of business cases.
- Developing and maintaining risk management processes, procedures and tools to ensure timely identification, assessment and mitigation of risks.
- Own and manage the security impact assessment process, ensuring that JM gains early visibility of potential risks associated with proposed changes. Ensure that this process is linked to the wider risk management process, with appropriate visibility provided to relevant stakeholders.
- Own and manage the third-party risk management process, ensuring an effective prioritisation and tiering model is in place to identify and assess third parties that pose the most significant risk to JM. Ensure a clear third-party risk reporting capability is in place to enable JM to make appropriate decisions regarding its third-party risk profile.
- Developing, maintaining and operating cyber and IT controls assurance processes, including being responsible for the JM ITGC framework and ensuring system owners understand their responsibilities.
- Conduct thorough assessments of control environments, systems, processes and practices to identify control gaps, including those associated with audit actions, customer and stakeholder requirements. Ensure effective action is taken to resolve any issues and identify root causes and remediations that can be addressed through continual improvement.
- Act as point of contact and coordination for cyber and IT-related audits, ensuring accurate information is provided and collating inputs from relevant teams.
- Keep up to date with regulatory and legislative developments relating to cyber and IT, identifying and assessing any changes that are relevant to JM, and developing recommendations and action plans, communicating these as necessary to senior management.
Requirements for the role:
- Experience and knowledge of cyber and IT controls and supporting associated audits
- Technical and/or practical experience of:
  - Cyber security controls/capabilities and relevant standards, e.g. ISO27001
  - IT controls implementation and assurance, including but not limited to IT general controls
  - Enterprise software capabilities and technologies, including but not limited to ERP, CRM, enterprise operating systems (e.g. Windows/Linux)
  - Relevant legislation such as NIS2, GDPR and Computer Misuse Act
  - Relevant industry standards such as MITRE and NIST
  - Risk management best practices
- Demonstrable experience in technology security-related roles, with demonstrable experience of identifying and managing information security risks in complex or critical scenarios
- IT and/or cybersecurity risk management experience
- Knowledge and experience of writing technical reports, documentation, policies and standards accurately and to designated timescales.
- Understanding of enterprise IT infrastructure and architectures
How you will be rewarded:
We offer a competitive compensation and benefits package, including bonus, excellent pension contributions and 25 days' annual leave (varies for shift-based roles).
At JM, an inclusive culture is integral to our values and ambitions for the future. We are committed to ensuring that everyone can bring their full self to work and thrive in their career. Welcoming everyone to JM, regardless of their unique characteristics, experiences or thoughts, allows us to bring many different voices and experiences together to tackle the world's biggest challenges. Being truly inclusive means that all colleagues feel valued for their differences, views and contributions, and feel a sense of belonging at JM.
Johnson Matthey is open for discussion on part-time, job-share and flexible working patterns.
Closing date for applications: This job advertisement will be posted for a minimum of 2 weeks; early application is advised.
For any queries or should you require any reasonable adjustments to support your application please contact
To submit your application please click the Apply button online.
All applications are carefully considered and your details will be stored on our secure Application Management System. This is used throughout Johnson Matthey for the selection of suitable candidates for our vacancies as they Matthey respects your privacy and is committed to protecting your personal information.
For more information about how your personal data is used please view our privacy notice: Johnson Matthey Privacy Notice. By applying for this role and creating an account you are agreeing to the notice.
Johnson Matthey Plc is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, marriage or civil partnership, pregnancy or maternity, religion or belief.