Responsibilities
- Own and lead UKRI’s Information Security Governance, Risk and Assurance framework.
- Own, operate and continuously improve the Information Security Management System (ISMS).
- Provide end-to-end security assurance for cloud and enterprise services (AWS and Azure).
- Define and maintain UKRI’s security policy and control framework.
- Enable and support risk ownership across UKRI’s federated technology and business teams.
- Develop and maintain meaningful security metrics, dashboards and management information.
- Define, deliver and track a multi-year security governance, risk and assurance roadmap.
- Lead security assessment, testing and remediation activity.
- Provide ongoing oversight of supplier and third-party security risk.
- Establish and maintain enterprise visibility of assets, services and data risk context.
- Provide governance leadership across incident management, people, suppliers and assurance partnerships.
- Ensure governance-level oversight of significant security incidents.
Qualifications
- Degree in a related subject or relevant comparable education.
- A professional qualification (e.g., CISM, CISSP, CCSP, ISO 27001 Lead Implementer/Lead Auditor).
- Effective decision-making, communication and interpersonal skills, with the ability to adapt communication style and approach to different environments and audiences.
- Self-motivated, shows initiative and works with minimal direction, demonstrating strong customer focus.
- Changing and improving processes, systems, and people to achieve positive outcomes.
- Strong knowledge of information security governance, risk management and compliance, including operating within an ISO/IEC 27001 management system.
- In-depth understanding of cloud security principles and practices for AWS and Azure, including secure configuration, identity, logging, network controls and data protection.
- Ability to coordinate and communicate security risk issues at a senior level and propose solutions that are appropriate, proportionate and effective.
- Strong problem-solving and analytical skills, including interpreting technical evidence and translating it into business risk.
#J-18808-Ljbffr…
