Position Title: Head of Governance, Risk and Compliance (GRC), Info Sec – 12 Month FTC Reports to: Global CISO Location: London Summary of Position: This position will report directly to the global CISO and also be responsible for managing a small in-house team who plan, schedule, monitor and report on activities relating to information/cyber security. The role will work in collaboration with Information Technology, Group Risk and Compliance, HR, Facilities and a number of third parties. Key Responsibilities & Accountabilities: Support the Global CISO in maintaining and realising the cyber security strategy Take overall responsibility of information security risk and compliance Assume responsibility for the BMS Information Security Control Framework Produce and maintain a the Information Security governance and oversight target operating model Produce policies and supporting governance material Take ownership for the Information Security Risk management processes Identify information security threats and work with technical teams to understand BMS exposure Provide specialist Information Security input to IT and business operations Ensure information security initiatives are up to date and security risks are identified and managed Investigate, analyse, and review Information Security breaches, including near misses, making recommendations for appropriate control improvements Build close relationships with key internal users, senior managers and external suppliers Coordinate security plans with third party vendors and ensure output from security services delivered by third parties is acted upon accordingly Responsible for management of cyber events, including notification, escalation, response and post incident review Adhere to company and regulatory policies, procedures together with mandatory training requirements. Information Security: Experience of managing information security services specifically in relation to service design and on-going management Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies Experience of Information Security risk management concepts Experience of Information Security transformation programmes Experience of in building and support incident management frameworks. Experience of security frameworks such as NIST CSF/ISO-27001 Functional & Behavioural Competencies required: Proven leadership skills in a similar Information Security function Experience of naturing and retaining a talent Proven experience in information security Excellent writing and communication skills Proven experience in third party supplier and vendor selection and management Significant experience and success in managing multiple issues, problems and work streams with a clear ability to prioritise Good understanding of culture change techniques when implementing information security improvements Ability to consider the implications of process change and potential impact upon the strategies of the global business Ability to maintain the integrity of process and approach, as well as controls, for the whole incident management process including the ability to co-ordinate and manage major/highly sensitive investigations with potential for business wide impact/reputational damage Personally demonstrate the five BMS values and ensure that team members are aligned with these: Accountable Entrepreneurial Collaborative Empowering Disciplined