Job Title: IT/OT Risk Manager
Duration: 3-6 months
Location: Scotland - Perth/Glasgow/Eurocentral/Aberdeen
Hybrid Working: 2-3 days ideally in the office
Description:
Main Purpose of Job
Drive the adoption of the risk management framework. Work collaboratively with management to define, communicate and measure key risks and controls so that IT and OT risks are maintained in line with business risk appetite. Provide assurance on the effectiveness of controls and confirm compliance with obligations. Provide key management information to enable the Leadership to make decisions.
Key Accountabilities
1. Support the implementation and operation of the IT Governance, Risk and Compliance framework.
2. Implement and manage the IT risk management framework.
3. Facilitate risk reviews to identify, quantify and mitigate IT & OT risks.
4. Regular stakeholder engagement providing advice and guidance on risk management.
5. Provide assurance on the adequacy of IT & OT controls to manage risk, provide recommendations and monitor progress to ensure controls are improved and effective.
6. Coordinate timely and appropriate actions to be taken in response to audit actions. Support the formulation of delivery plans to address root cause and monitor progress.
7. Involvement in risk mitigation projects as required.
8. Oversight of the progress of audit actions.
9. Monitor and report compliance with relevant policies, standards, procedures, legislation and regulation.
10. Regular liaison with the Cyber Risk, Operational Technology, Information Security team and Risk & Assurance teams across the business and Group.
11. Ensure accurate, timely and relevant reporting on IT & OT Risks to various Risk Boards and Committees.
Education
12. Educated to degree level or above, or at least 3 years' relevant experience
Experience
13. Experience of delivering IT risk, compliance or assurance activities (or equivalent role)
14. Experience of OT Systems, Cyber and Engineering risk management
15. Experience of designing or reviewing IT/OT processes and their controls and performing risk assessments
16. Experience engaging with a wide range of stakeholders
17. Focus on continuous improvement
Business Knowledge
18. Understanding of client's strategy, structure and governance framework
19. Working knowledge of IT and operational risk, IT and enterprise architecture, IT strategy and IT outsourcing, service management and delivery
20. Working knowledge of audit and assurance methods
21. Full IT project lifecycle experience
22. Industry standards, regulation and legislation knowledge
23. Understanding of continuous improvement methodologies
Functional and Technical Skills
24. Good knowledge of IT governance frameworks such as COBIT 5, ITIL, ISO31000, 27005, 38500 and their interactions
25. Ability to perform Risk/Return analysis
26. Ability to work in matrix environments
27. Quality management
28. Works in compliance with Business Principles, Policies and Standards
Communication and Personal Attributes
29. Ability to engage effectively with all stakeholders (internal and external)
30. Fluent communicator, both in writing and orally, with high attention to detail
31. Strong organisation skills
32. Negotiation and influencing skills
33. Maintain objectivity and impartiality
34. Planning, communication and presentation skills
35. Flexibility to adapt and compromise
36. Ability to carry out self-led learning
Problem Solving, Analysis and Reasoning
37. Able to use multiple problem solving methodologies
38. Adept at identifying appropriate workarounds
39. Experience in resolving complex problems
Accountability and Financial Dimensions
40. Accountable for own work
41. No direct or indirect responsibility for budgets or other financial measures.
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.