Information & Resilience Risk Manager at Thomas Miller
12-month maternity cover contract.
Overall Objective of Role:
To support the Group’s information security, data privacy, and business continuity frameworks to manage risks and defend the Group from internal and external threats, ensuring compliance with relevant requirements.
Main Responsibilities
* Supporting the maintenance and development of the Thomas Miller Group information security, data privacy, and business continuity management framework.
* Working closely with Group IT to facilitate and monitor security controls and related capabilities.
* Monitoring and reviewing suppliers, assets, and services for threats and risks.
* Providing guidance on information security policy and practice, in consultation with the Head of Information and Resilience Risk.
* Promoting the benefits of information security through briefings and representation.
* Facilitating and administering relevant training and awareness activities.
* Assisting in developing and maintaining policies, processes, and reports to safeguard business requirements.
* Generating reports and management information related to security, privacy, and business continuity.
* Reviewing externally commissioned security testing and working to resolve deficiencies.
* Participating in incident management related to information security, data privacy, and business continuity.
Projects and Other Tasks
* Working flexibly to handle unpredictable and varied tasks outside the scope of the core responsibilities.
* Handling unforeseen circumstances or changes, with regular responsibilities updated in the job description.
Impact
* Providing advice and support to embed information security and address emerging threats.
* Supporting ISO 27001 certification and modeling information security according to NIST CSF.
* Monitoring security posture against industry best practices and advising on the threat landscape.
Person Specification
* Practical experience in information security management, risk management, or related fields.
* Experience in reporting, threat and vulnerability management, and understanding of relevant technologies and controls.
* Knowledge of industry standards like ISO 27001, NIST, and relevant certifications such as CISMP or SSCP.
* Understanding of security testing, incident management, and familiarity with the Microsoft Office suite.
Seniority level
* Mid-Senior level
Employment type
* Contract
Job function
* Other
Industries
* Insurance