Information Risk Manager - Birmingham Airport
The Information Risk Business Manager will report to the CISO and will be responsible for the overall information risk function, providing leadership, co-ordination, analysis and management for all information risk management activities. You'll create and maintain a uniform approach to information risk management including the identification, evaluation, prioritisation, minimisation, monitoring and control of information risks, with a specific emphasis on the supply chain. You will join a multinational business with 5 divisions. This is a central function role which will look across all 5 businesses, therefore advanced communication and influencing skills are required. You will ideally have 5 years+ experience managing information risk for a large PLC business.
- Applies information risk management knowledge, skills, tools and techniques in supporting business personnel, providing best practice advice, guidance, coaching and mentoring to drive the development of an information risk based culture.
- Provides strategic challenge, overview and scrutiny, ensuring alignment with wider information risk management policies and strategic initiatives.
- Provides a single source of truth, ensuring that all information risk documentation is stored correctly and to the required quality.
- Ensures the timeliness and quality of information risk reports, and collects and collates metrics to measure overall and specific performance of the business on information risk matters.
- Champions information risk management, operates as moderator, identifies and prioritises significant risks, ensuring decision making and escalation/resolution where required.
- Provides a macro view of information risk, reports anomalies and concerns, decision and governance support and the tracking of actions.
- Supports information risk management across both IT and business unit teams.
- Assists with the planning, monitoring, and delivery of information risk management activities.
- Ensures repeatable and optimised information risk management processes to eliminate bureaucracy, inefficiency and waste.
- Standardises ways of performing information risk management across teams including the creation of key documentation, and following the information risk process end to end.
- Proactively assists the CISO by providing direct support, expert advice and direction regarding information risk management best practices.
- Actively participates in the development of best practice, policy and procedures, relating to information risk management, providing independent advice as required.
- Demonstrable experience working in and managing information risk management is essential.
- Experience in creating an information risk framework from scratch or improving an existing operation would be advantageous.
- A good knowledge of a GRC tool is desirable and MS Excel is essential.
- Possesses a strong knowledge of different risk methodologies and Standards - ISO27005, IRAM, OCTAVE would be advantageous.
- Proven stakeholder and people manager.
- Experience working with technical and non-technical teams.
For further information please apply.