(Internal Vacancy) Senior Specialist, Information Security, Risk and Compliance
United Kingdom
Save the Children International
This job vacancy is only available to internal applicants of Save the Children International. Unfortunately, external candidates will not be considered for this opportunity. Please check our job listings page for other vacancies that are open to external applicants.
Please note: check the role profile for specific location, time zone and language requirements. This recruitment will follow a business-as-usual recruitment process.
Job Title: Senior Specialist, Information Security, Risk and Compliance
Team: Cybersecurity and Information Assurance
Reports To: Head of Information Assurance and Data Protection Officer
Contract Length: Permanent
Grade: P4
Location: Any approved Save the Children International office location.
Time Zone (that the role holder must be available to work in): Any
Right to Work: The successful candidate must possess the unrestricted right to work in their current or preferred location for the duration of employment.
Language Requirements: English
International Travel Requirements: up to 5-10%
Budget Responsibility: None
People Management Responsibility:
Number of people managed in total: 0
Manager of a team: No
Team purpose
The Cybersecurity and Information Assurance team is responsible for safeguarding the confidentiality, integrity and availability of all SCI’s information assets (data and systems). The team is responsible for identifying, assessing and managing cybersecurity and information risk, and for investigating and managing cybersecurity incidents and data breaches.
Role purpose
The Senior Specialist, Information Security Risk and Compliance Officer will play a key role in ensuring SCI addresses information and cybersecurity risks in a timely and effective manner. Reporting to the Director of Information Security and Data Protection, the role will work closely with colleagues in the cybersecurity operations and information assurance teams as well as teams across IT and the wider organisation to support risk and compliance activities.
The role will be responsible for keeping the IT Risk Register up to date and coordinating risk mitigation actions across the organisation. The role is also responsible for the coordination of all information security compliance activities including Cyber Essentials, ISO27000 and NIST CSF.
Principal Accountabilities
- Support the Director of Information Security with the effective and timely management of all information security risk and compliance activities
- Maintain the IT Risk Register, ensuring that newly identified risks are recorded and assigned to the appropriate risk register
- Schedule and administer risk register review meetings; track open risks and liaise with risk owners to ensure they are addressed
- Coordinate with the IT/TD Project Management Office (PMO) to ensure new projects and initiatives follow prescribed governance processes
- Conduct information security risk assessments and reviews in association with the Cybersecurity Operations Manager and Information Security Architect and communicate risk assessment outcomes to technical and non-technical stakeholders across SCI
- Coordinate all information security compliance activities including internal audits, Cyber Essentials, ISO27000 and NIST CSF
- Work closely with colleagues in the Global IT Operations team to facilitate the annual Global IT Controls Assessment of all Country and Regional Offices
- Coordinate responses to all internal and external audit and assurance activities
- Support and contribute to the development of information security risk and compliance policies, procedures and standards
- Identify opportunities to continually improve SCI’s information security risk and compliance capabilities
Experience and Skills
Essential
- Demonstrable experience working in an information security function or related GRC role.
- Strong knowledge of information security / cybersecurity management principles.
- Working knowledge of at least one globally recognized information security framework such as ISO27000, NIST CSF or Cyber Essentials.
- Experience of conducting information security risk assessments or reviews.
- Demonstrable experience of advising stakeholders in relation to risk remediation.
- Good knowledge of commonly applied technical and organizational information security controls.
- Ability to work with a range of business stakeholders to understand and articulate their activities in line with defined standards.
- Good verbal and written communication skills.
- Self-motivated, with a proactive and collaborative approach, and a strong results orientation.
- A commitment to the mission, vision and values of Save the Children.
Desirable
- Knowledge of different information risk assessment methodologies (both qualitative and quantitative).
- Good understanding of Enterprise IT including cloud computing technologies (SaaS/PaaS/IaaS).
- Experience of working with Business Analysts, Project Managers, Change Managers and Project Management Offices.
Key Relationships
Internal (excluding direct team and manager)
- TDIT; Global Safety and Security; Legal; Safeguarding; Country Offices
External
- Information Assurance vendors and partners
- External auditors
- Member IT and information security / data protection teams
Education and Qualifications
Essential
- Undergraduate degree or diploma in a relevant discipline or equivalent work experience.
Desirable
- Post-graduate qualification in information security or relevant industry certification, e.g. CRISC, CISM, CGEIT, CISA, etc.
Competencies
Cluster: Leading
Competency: Leading and inspiring others
Level: Leading Edge
Behavioural Indicator: Inspires people to reach the highest standards of performance and to feel a sense of pride in belonging to the organisation.
Cluster: Leading
Competency: Developing Self and Others
Level: Accomplished
Behavioural Indicator: Gives regular positive and constructive feedback to others.
Cluster: Thinking
Competency: Problem Solving and Decision Making
Level: Leading Edge
Behavioural Indicator: Identifies and addresses root causes of long-term problems facing the organisation.
Cluster: Thinking
Competency: Innovating and Adapting
Level: Leading Edge
Behavioural Indicator: Promotes a culture and work environment where people take risks on new ideas and learn from failures.
Cluster: Engaging
Competency: Working Effectively with Others
Level: Leading Edge
Behavioural Indicator: Opens hidden areas of organisational disagreement and drives for collaborative resolution.
Cluster: Engaging
Competency: Communicating with Impact
Level: Leading Edge
Behavioural Indicator: Delivers influential advice and briefings to internal and external audiences to build the call for action.