Register Your Interest - IT Risk and Security Placement
Primary Purpose of the Job
The purpose of the IT Risk and Security Undergraduate role is to undertake specified initiatives and support workstreams across the InfoSec and GRC functions within VWFS IT. The role will provide timely feedback to divisional managers and leads, ensuring progress continues and exceptions are identified and escalated for on-going management
This role is crucial in providing enterprise-wide security and governance capabilities to meet changing internal and external threat scenarios, while supporting the achievement of IT and Organisational strategic objectives through clear communication, proactive engagement and collaborative efforts within and without IT.
Main Responsibilities
* Support the ongoing monitoring and analysis of IT Vulnerabilities, Risks, ensuring risks relating to the use, ownership, operation and adoption of IT remain within tolerances and on-plan
* Develop, manage and support IT Security and Risk monitoring & reporting activities to ensure transparency and enable effective managerial decision making
* Support the co-ordination of IT Security and Risk assessments to identify deficiencies across the Organisation
* Work with multiple IT managers to develop & embed analytics
* Responsible for planning and co-ordinating regulatory driven processes and associated remediation activities to ensure mitigating activities are delivered successfully
* Maintenance and monitoring of the actions captured and tracked within the IT Risk Treatment Plan, including vulnerabilities, issues and risks
* Responsible for supporting and aligning IT Security and Risk documentation with published HQ global standards, local needs and leading practice
* Plan, develop and conduct regular training for employees in risk management, both in policy & processes
* Work closely with the IT Supplier Management Team to monitor and collate risks relating to outsourced VWFS UK partners and 3rd parties
Principal Contacts / Working Relationships
* Reports to the GM InfoSec/GRC and supports decision-making and provision of recommendations to improve the security and risk posture of IT at VWFS UK.
* Daily collaboration with GRC and InfoSec Managers and Leads, as well as those across the IT department to conduct process monitoring, reporting and improve efficiency of work .
* Regular contact with stakeholders across all levels of the wider business (VWFS) in the management of security threats and/or risks and controls.
Decision Making Scope
* Reviews and queries KRI, risk and vulnerability information provided in the course of the role, and whether escalation to Leads or Management is required.
* Determines the priority of issues within their own workstreams and initiatives (where not provided by a GM or Lead) and manages escalations and communications from those workstreams.
Key Challenges
* Keeping up-to-date knowledge of PCI-DSS, compliance and information security industry standard practice
* Managing risk and security in a changing business landscape, e.g. digital, data, IT failure, fraud, etc.
* Managing workflows of high volumes of data to ensure Leads and Management have clear information on which to base decisions
* Maintaining engagement with disparate stakeholders outside immediate area through supportive and collaborative working practices
Education, Training and Experience
* You will be enrolled at a University which offers a 1 year industrial placement
* Working towards an IT or Business related degree
* Interested in risk management including technologies & systems
* Knowledge of ISO27001, COBIT and ISO22301
Skills and Personal Characteristics Required
* Unimpeachable integrity that is demonstrated at all points
* Exceptionally high-level attention to detail, with a methodical and structured approach to issues
* Able to remain calm, organised and pragmatic when faced with multiple priorities
* Team player, but with the ability to collaborate and work independently
* Curious and questioning, with a proactive approach to seeking clarity and their own learning
* Good oral and written communication skills required; must be able to confidently present and communicate effectively
Career Path
Equivalent jobs which could constitute lateral moves:
* IT Security/Risk Analyst
On leaving this job, a job that would be considered a promotion is:
* IT Security/Risk Senior Analyst
How to register
To get updates about this role and be the first to hear when applications open, please register your interest.