Information and Technology Governance & Risk Lead

About DS Smith

DS Smith, an International Paper Company, are a leading provider of sustainable packaging solutions, paper products and recycling services in more than 30 different countries across EMEA with over 30,000 colleagues. 

About the role  

Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams.  

You will review, manage and where required prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements. You will support IT, procurement, legal, data protection and digital security and business stakeholder in relation to supplier information and cyber security due diligence and requirements.

As the successful candidate you will also lead risk-based party security assurance, management, and continuous improvement activities. In addition, facilitate and coordinate IT risk management risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001 related documentation and control activities. 

As the I&T Governance and Risk Lead you will have the responsibility of aspects of the I&T GRC scope, delegated and assigned by the Head of I&T GRC.

Key Accountabilities

• Engage with key IT and business stakeholders in relation to:

  • Risk management.

  • Security awareness training.

  • Facilitation of cyber scenario desktop simulations across central and manufacturing site teams.  

  • Customer security questionnaires.

  • Supplier security reviews, risk management and requirements.

• Manage and continuously improve I&T and Security risks processes in accordance with company risk appetite and tolerance, validating that risk is clearly articulated and management response is well defined. 

• Engage risk review and assurance activities across existing suppliers.

• Provide IT and business advice on aspects of security standards and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2. 

• Engage with I&T system owners to provide training in relation to information security, cyber resilience, phishing, and facilitation of cyber scenario desktop simulations across central and manufacturing site teams.  

About you   

• Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries.

• Experience working with information security standards and frameworks such as and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2. 

• Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills.

• Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks.

• Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous.

Benefits  

• Competitive salary 

• Company bonus

• Pension scheme  

• Life assurance  

• Income protection  

• 25 days holiday plus bank holidays 

• Electric Car / Bike to Work schemes