Information and Technology Governance & Risk Lead

Employer Active

1 Vacancy
Job Location

Milton Keynes - UK

Monthly Salary

Not Disclosed

Job Description

About DS Smith

DS Smith, an International Paper Company, are a leading provider of sustainable packaging solutions, paper products and recycling services in more than 30 different countries across EMEA, with over 30,000 colleagues.

About the role

Reporting to the Head of I&T GRC, the Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training (including phishing) and facilitating cyber scenario desktop simulations across central and manufacturing site teams.

You will review, manage and, where required, prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements. You will support IT procurement, legal, data protection and digital security, and business stakeholders in relation to supplier information and cyber security due diligence and requirements.

As the successful candidate, you will also lead risk-based party security assurance management and continuous improvement. In addition, you will facilitate and coordinate IT risk management, risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001 related documentation and control activities.

As the I&T Governance and Risk Lead, you will have responsibility for aspects of the I&T GRC scope delegated and assigned by the Head of I&T GRC.

Key Accountabilities

  • Engage with key IT and business stakeholders in relation to:

    • Risk management.

    • Security awareness training.

    • Facilitation of cyber scenario desktop simulations across central and manufacturing site teams.

    • Customer security questionnaires.

    • Supplier security reviews, risk management and requirements.

  • Manage and continuously improve I&T and security risk processes in accordance with company risk appetite and tolerance, validating that risk is clearly articulated and management response is well defined.

  • Engage in risk review and assurance activities across existing suppliers.

  • Provide IT and business advice on aspects of security standards and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2.

  • Engage with I&T system owners to provide training in relation to information security, cyber resilience, phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams.

About you

  • Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries.

  • Experience working with information security standards, frameworks and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2.

  • Proven analytical, problem-solving, planning, project delivery and supplier work package management skills.

  • Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks.

  • Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous.

Benefits

  • Competitive salary

  • Company bonus

  • Pension scheme

  • Life assurance

  • Income protection

  • 25 days holiday plus bank holidays

  • Electric Car / Bike to Work schemes

Employment Type

Full-Time
