Technology Governance and Controls

25 Nov 2024

Overview

Role Overview: We are seeking an established GRC professional who is already in, or is ready to step up to, a leadership role in a complex, challenging and rewarding environment. The Group Manager, Technology Governance and Controls works closely with, and deputizes for, the existing Head of Technology Governance and Controls and is the de facto successor to that leadership role. This is an excellent opportunity to take up an existing role within the team and help to drive the GRC agenda for our various Cloud initiatives.

Role Description: The successful role holder will:
  • Act as Deputy for the Head of Technology Governance and Controls as well as leading key initiatives across our portfolio;
  • Drive continuous improvements in the quality and value of the services we provide to our stakeholders;
  • Work closely with our technology and information risk management communities across the organization;
  • Develop a detailed understanding of the business direction and priorities, opportunities and challenges to inform and prioritize risk management focus;
  • Perform other duties as required from time to time by the Head of Technology Governance and Controls, or the CIO;
  • Consult on a senior level and provide professional support for major components of the company's information security infrastructure;
  • Contribute to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments;
  • Consult with the business and operational infrastructure personnel regarding new and existing technologies;
  • Recommend new security tools to management and report and provide guidance and expertise in their implementation;
  • Review and analyze highly complex data and information to provide insights, conclusions and actionable recommendations;
  • Define, implement, and apply area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles;
  • Address high risk security concerns or incidents;
  • Recommend course of action to mitigate risk and ensure that appropriate standards are established and published;
  • Contribute to the achievement of area objectives.

Skills and Experience Required for this Role: The successful candidate could come from almost any sector, industry or organization that already operates a rigorous GRC capability. They will bring with them a wealth of experience managing risk for business and technology. They will also possess the highly developed communications and influencing skills necessary to simplify potentially complex issues and gain commitment and buy-in from key stakeholders.
  • Experience working in previous GRC roles and ability to demonstrate a comprehensive understanding of GRC topics;
  • Demonstrable ability to develop relationships with senior stakeholders, both business and technology, across complex business and legal entity structures;
  • Ability to interpret and present complex GRC topics to a range of audiences, both technical and non-technical and at all levels of the organization;
  • Hands-on knowledge of industry standard frameworks (e.g. ISO 2700x, NIST CSF, NIST SP800 series), external assessment frameworks (SOC1/SOC2) and privacy regulations (GDPR, etc.);
  • Remain informed on trends and issues in the GRC space, including current and emerging technologies;
  • Self-starter, quick-learner, accustomed to working autonomously and with minimal brief.

Qualifications Required for this Role:
  • Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
  • 10-12 years of experience in information security or related technology experience required
  • Experience in governance, risk and compliance is highly desirable
  • Experience in the securities or financial services industry is a plus
  • At least five (5) to seven (7) years of working in a risk or control management role, or equivalent experience, is highly preferred
  • Experience of working in a Software Development organization, a Cloud-native organization and/or the Financial Services sector (or another highly regulated sector), is highly desirable
  • One or more recognized (and current) professional information security certifications would be beneficial, such as CISM, CISSP, CRISC, or CISA.