GRC Framework Lead

United Kingdom

Location: We operate a flexible, hybrid working environment with the candidate required to travel to our Winchester office up to twice a week.

We offer    

  • 95,000 per annum
  • 10% Bonus  
  • 6% pension contribution 
  • Private Medical 
  • 25 days annual leave  
  • Access to our comprehensive flexible benefits including discounts on big brands, wellness and employee assistance programmes, gymflex, buy and sell annual leave, travel and dental insurance 
  • Work. Life. Smarter. Our commitment to a flexible and hybrid working culture 

 

Key Accountabilities

As a Governance, Risk and Compliance Security Framework Lead, you will be responsible for:

  • Developing and maintaining the Information Security Management System scope, policy, objectives, and risk assessment and risk treatment methodology
  • Conducting internal audits as part of a team, and supporting external audits to ensure compliance with ISO27001 and other relevant regulations and standards
  • Identifying and assessing information security risks, supporting the Cyber Risk Manager
  • Providing guidance and support to other teams and stakeholders on information security best practices and requirements
  • Reporting on the performance and effectiveness of the ISMS
  • Managing Continual Improvement initiatives, prioritising them according to business requirements
  • Keeping abreast of the latest developments and trends in information security and ISO27001
  • Managing the ISO controls library, continually developing and maintaining it
  • Excellent communication, presentation, and interpersonal skills
  • Strong analytical, problem-solving, and decision-making skills
  • A high level of integrity, professionalism, and confidentiality
  • Willing to coach and support junior members of the team

 

Qualifications: 

  • A bachelor’s degree in computer science, information technology, Information Security, or another related field
  • Certification in ISO27001 Lead Auditor or Lead Implementer
  • CISM, CISA, CRISC, CISSP

 

Required Expertise:     

Extensive experience in: 

  • Information security frameworks (particularly ISO27001:2013 and 2022)
  • In-depth understanding of ISO27001 requirements and controls
  • Transitioning an ISO standard
  • Managing a continual improvement programme
  • Application of a maturity framework (such as COBIT)
  • Management of a security controls library
  • Excellent knowledge of Risk Management

            

Desirable:        

  • Information Security Forum Standard of Good Practice
  • Cyber Essentials Plus
  • NIST Cyber Security Framework
  • ISO27701, ISO27005, other ISO27000 series

Knowledge of Legal and Regulatory requirements such as:

  • Network Information Systems Directive
  • Telecom Security Act 2021
  • Data Protection Act
 

Why join Arqiva? We are the undisputed leader in UK TV and radio broadcast, and the UK’s leading Smart utilities platform. This means we have a strong heritage and foundation for future growth for you to grow your career with us.   

Our journey is to transition global media distribution to cloud solutions, where we aim to double our revenue and continue to grow by being an innovator of scalable solutions for new connectivity sectors. We have opportunities in new technology applications and products, and you will have opportunities to learn and develop with us.

 

Your wellbeing… Our wellbeing mission is to help our people to be the best version of themselves at work and still have the time and energy to live a full life outside of work.

Our focus for 2024 is to Win, Grow, Go Faster – find out more, contact us and apply!  

Inclusive Arqiva… Our networks include our Diversity Ambassadors, Eldercare, Spectrum, Working Families, Pride, Veterans and Inspiring Women – join and contribute to our active networks!

 


* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰


Tags: Audits CISA CISM CISSP Cloud COBIT Compliance Computer Science CRISC Governance ISMS ISO 27000 ISO 27001 ISO 27005 NIST Risk assessment Risk management

Perks/benefits: Career development Flex hours Health care Medical leave Salary bonus Wellness

Region: Europe
Country: United Kingdom
