This job has expired

Senior Manager, Controls & Standards Governance

Employer
Hays.
Location
United Kingdom, London
Salary
Competitive
Closing date
13 Dec 2021

Responsible for Control library, Cybersecurity controls assessments and Standards Governance.

Key Responsibilities
  • Lead the oversight of the Cybersecurity controls environment
  • Lead the development and governance of the Cybersecurity standards
  • Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance with NIST FSSCC.
  • Working with Controls Owners in partnership with other Cybersecurity and Technology stakeholders, evaluate and perform an end-to-end analysis of standards and the controls library, identify significant gaps and weaknesses, and determine the root cause of control deficiencies.
  • Develop creative and innovative solutions to manage risk, ensuring that controls and metrics are properly designed, operating effectively, and essential to a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
  • Engage collaboratively with Control Owners, regardless of geographic location, providing support across Cybersecurity.
  • Update controls and their associated standards and metrics, and be a proactive adviser across the three lines of defence, identifying Cybersecurity risk issues and recommending solutions.
  • Monitor the health of the controls library with respect to technical and operational processes.
  • Be a part of a team providing independent review of design and control effectiveness.

Leadership responsibilities
  • Ongoing and periodic risk and control assessment cycles and reporting
  • A fit-for-purpose Cybersecurity Controls Library using key risk metrics, indicators and industry standards.

Impact
  • This will be a high-profile role responsible for supporting audit and assurance engagements.


Experience
  • Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
  • Cyber security qualification e.g. CISSP / CISM (desirable)
  • Degree in Cyber, Information Security or IT management
  • Demonstrable working knowledge and understanding of key cyber security controls such as Vulnerability Management, Identity & Access Management, Authentication and Authorisation systems, Data Protection, Application Security, Secure Application Development practices, Third-Party and Cloud security.
  • IT and cybersecurity policies and standards
  • Operational risk frameworks
  • Regulatory compliance
  • Technology resiliency

Leadership and management experience
  • Experienced leader with 10+ years' experience in a regulated environment with risks, controls and metrics within Technology environments.
