Job Description

The Security & Data - Governance, Risk & Control Specialist is responsible for supporting and managing implementation activities aimed at achieving the organisation's security and data governance, risk & control objectives.

This role:

Sits in the first line of defence (1LOD) supports compliance with relevant laws, regulations, and industry standards related to information security and data governance, risk & control, working closely with the business to drive initiatives. Supports the Technology and Business functions at a local and Group level in delivering the changes needed to implement industry best practice and meet regulatory requirements.
A high level of collaboration and communication skills along with project management and GRC experience will be required, as the role will help co-ordinate the management and delivery of key changes to address new regulatory compliance requirements.

Requirements

Competence - Experience

Required

Extensive experience in information security governance, risk and compliance, and UK and EU data privacy regulations. Proven experience in leading complex IT, and security data governance, risk and control projects. Knowledge of Operational Resilience, DORA, and Data Governance frameworks. Strong technical proficiency. Proficiency in data lifecycle management, including data classification, data quality, and metadata management. Ability to identify, assess, and mitigate risks related to security and data. Ability to develop, implement, and enforce security policies, procedures, and standards.

Knoweldge

Required

Security Frameworks and Standards: Familiarity with industry-standard security frameworks such as ISO 27001 and NIST. Data Protection Laws and Regulations: Knowledge of data protection laws, such as UK Data Protection Act 2018, and EU GDPR, and how they impact data governance practices. Project Management: Proficiency in managing security and data governance projects, including budgeting, resource allocation, and timeline management. Risk Assessment and Management: Ability to conduct risk assessments and implement risk management strategies to mitigate potential security threats.

Preferred

Security Frameworks and Standards: Familiarity with industry-standard security frameworks such as COBIT, and CIS Controls. Knowledge of project management frameworks and governance procedures including agile methodologies Emerging Threats and Technologies: Continuous learning to stay abreast of emerging security threats and new technologies that can enhance security posture. Data Governance Principles: Understanding of data governance frameworks and best practices. Cybersecurity Technologies: Understanding of the technologies used to protect an organisation's systems and data, including firewalls, intrusion detection systems, encryption, and access control mechanisms.

Skills

Required

Excellent verbal and written communication skills with ability to communicate at all levels of the organisation Project management / Planning and implementation Organisational skills Personal time management Strong interpersonal and collaborative skills Ability to establish relationships and influence key stakeholders at all levels Energetic and driven with a flexible 'can do attitude'

Preferred

Financial management Skills in policy development Communication: Skills to effectively communicate security policies and train staff on security best practices and data handling procedures.

Responsibilities

Overall responsibilities

Liaise and manage relationships with key business stakeholders to clarify and implement the requirements to drive automation of data loss protection (DLP), data retention, and data subject rights management. Support and manage initiatives that deliver compliance with DORA, Operational Resilience, and Data Governance requirements. Support the implementation of changes to cyber security and data privacy policies and procedures, taking account of the business' legal, regulatory and operational requirements. Support the implementation of a Group data governance strategy. Identify and review risks related to full lifecycle IT, security and data Define controls in line with Security & Data Governance Policies, Standards and Procedures to mitigate risks identified Support implementation of relevant controls across the Group. Test the design effectiveness and operational effectiveness of relevant controls on a periodic basis, and report on effectiveness. Provide regular updates to senior management on progress of related projects. Stay updated on industry trends, best practices, and regulatory changes related to data governance, security, and operational resilience.

Security Governance

Support the development and maintenance of the RiverStone security governance framework, including policies, standards, procedures, and guidelines - in line with regulations and best practice (e.g. ISO27001, NIST). Collaborate with stakeholders to ensure alignment between security governance and business objectives Support risk assessments and implementation of risk mitigation strategies. Drive the definition, implementation and maintenance of security controls and safeguards Monitor and report on the design and operational effectiveness of information security processes and controls.

Data Governance

Support the development and maintenance of information security and data governance policies and procedures in compliance with relevant laws and regulations (e.g. Operational Resilience, DORA, GDPR, CCPA). Support the implementation of data classification and data handling procedures. Support data privacy impact assessments and risk management activities, where appropriate. Collaborate with cross-functional teams to ensure data governance requirements are met. Support monitoring and reporting on data protection compliance and incidents.

Job Benefits

We believe in taking care of our team and helping our employees thrive both professionally and personally.
Our benefits include:

Private Medical and Dental cover - Comprehensive Private Medical and Dental Insurance schemes with Bupa Health and Wellness -including access to our Employee Assistance Programme, Headspace subscription, Mental Health First aiders at each site, up to five funded counselling sessions per year, annual health check-up and eye test voucher Wellbeing Allowance - Can be used towards either physical or mental health wellbeing activities 25 days' holiday per year - plus bank holidays and office closure on Christmas Eve. Holiday entitlement increases with length of service Bonus scheme - dependent on achieving individual, department and company goals Pension - a non-contributory defined contribution pension scheme Life Assurance - provides a lump sum 10 x your salary Permanent Health Insurance Scheme - scheme pays benefits during a prolonged period of illness or disability lasting more than 26 weeks Parental Leave - Enhanced Maternity, Paternity and Shared Parental Leave policy Training and development - Company funding for professional qualifications that would be beneficial for your role Volunteering and charity - triple matching donations made independently or via our Give As You Earn scheme, Give A and two paid volunteering days per year to help give back to our local communities Cycle To Work Scheme - a tax efficient way to purchase a bicycle Interest Free Travel Loan - to assist with commuting costs Travel Insurance - business and personal travel Sports and Social - active sports and social committee that organizes subsidised events.
Working hours: Our standard working hours are from 09.30 a.m. to 5.30 p.m. Full time employees are to be in the office for 3 days per week, with 2 days working from home.

Job Types: Full-time, Permanent

Pay: 85,000.00-95,000.00 per year

Work authorisation:

United Kingdom (required)
Work Location: In person