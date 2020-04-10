Interim Head of Group Security Assurance

This business is implementing a cyber security control assurance capability, which will enable them to measure and report on the design and effectiveness of cyber security controls. The starting point for this capability is the Group Global Cyber Security Policy which applies to all of the businesses divisions and is approved and signed off by the Board.



We are looking for an experienced senior leader in the cyber, risk or internal controls within the information security space, who can take charge of this initiative and capability to deliver on the outcomes the Group have committed to the Board. Reporting to the CIO, this role can be based in either Ireland or London.



We are looking for someone who understands information security risks and controls but can also deliver to agreed targets. In essence, the capability is designed, and we need someone who can land it. The scope of the work is for all divisions spanning operations across the globe in mainland Europe North America, and the APAC region, although there will be very limited travel. You will begin remotely in any case due to the current lockdown.



This is not a hands on role and is not a technical role. We need someone with a good risk focus, who can deliver across geographies, across brand initiatives. Someone ideally who has been in a technical role but moved into the programme and business side. People from any background (non-financial services, or financial services) would work given the broad risk profile of the business given the diverse risk profile of the company. Inter-personally, we're looking for a true leader - someone who's engaging but can push back to senior management when needed.



Experience/skills required:

• Previous experience in a risk, controls, assurance or security leadership role. • A good grasp as to how risks and controls can be linked. • A proven track record on delivering a control assurance capability would be preferred. • Understanding of risk/cyber security frameworks such as ISO27001, COBIT, NIST, etc.

Key competencies:

• Ability to plan – work with the team to create a credible plan to deliver the outcome across all Group divisions. • Delivery focused – the ability to get work done whilst sticking to the plan. • Communication - the ability to update key stakeholders on progress to the plan, whilst working with the wider team to come up with an effective strategy to communicate on the design and effectiveness of the cyber security controls. • Stakeholder management – ensure that the Group is working well with all stakeholders and see the value of the capability.

