Full-Time Head of Security Governance Risk and Compliance
Please apply direct on Civil Service Jobs: https://www.civilservicejobs.service.gov.uk/csr/jobs.cgi?jcode=1651140 Before the 3rd November 2019.
• Accountable for the development, implementation and evolution of a fit-for-purpose GRC vision, strategy and architecture that enables and facilitates HMRC’s business objectives, cross-government strategies and plans, and ensures senior stakeholder buy-in and mandate.
• Collaborate with HMRC stakeholders, partners, vendors and other third parties to facilitate risk assessment and risk management processes related to relevant disciplines including cyber security, personnel security, data protection, physical security, business continuity, information management and supplier risk.
• Drive cultural change to facilitate a strategic approach to risk management and ensure that security and data protection risks are integral to HMRC’s broader risk management processes.
• Partner with senior leadership to determine acceptable levels of risk for HMRC and the ecosystem in which it operates, thus ensuring they are appropriately reflected in policies and standards and enable the organisation to take a risk-informed and compliance-based approach to investment and prioritisation.
• Serve as process owner of relevant second-line assurance activities undertaken by the organisation; Ensure GRC-related programs actively align themselves with the business and demonstrate that linkage in routine communication.
• Accountable for the development and management of relevant policies and procedures; Ensure successful execution of programs that deliver the objectives of the above.
• As a member of the Chief Security Officer’s senior leadership team, contribute to the overall strategic and operational management of HMRC’s enterprise security, risk management and data protection agenda.
• Identify and implement processes that methodically track the following: governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls.
• Oversee the follow-up of deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken, and a learning / continuous improvement culture is being embedded.
• Establish, monitor, evaluate and provide regular reporting on the posture and maturity of HMRC’s security and data protection to enterprise risk teams and senior leadership, including the Executive Committee, as part of a strategic enterprise risk management program, thus supporting business outcomes.
• Manage the relationship with Security and Information Business Partners; Recruit, lead, motivate and develop the GRC teams to deliver a customer-centric, effective, coherent and continuously-improving set of capabilities.
• Responsible for the management of the “Loss of Customer Data” and “Catastrophic Loss of Buildings/Services” risks owned by security within HMRC.
• Understand and interact with related disciplines through attendance at, and chairing of boards (as decision maker) to ensure the consistent application of GRC processes, policies and standards across projects, systems and services.
• Partner with other Cyber Security and Information Risks teams, relevant lines of business and advisory/regulatory bodies to monitor the internal and external threat environment for emerging threats and advise relevant stakeholders on actionable recommendations.
• Engage with stakeholders across Chief Digital and Information Officer Group (CDIO), HMRC at large, and cross-government to drive the GRC agenda and represent HMRC’s interests as a “customer”, while enabling HMRC to sustain its leadership position in delivering cross-government security transformation.
Essential Criteria / Person Specification:
• Extensive experience in developing and leading Security Governance Risk and Compliance (GRC) or Assurance & Governance teams in a large, complex environment and customer base.
• Proven experience in thinking strategically and articulating a clear vision for GRC, coupled with a track record of strong delivery capability.
• In-depth understanding of strategic business risks and wider security and data protection landscape.
• Evidence of managing and influencing significant interdependencies, collaboration and complex internal and external stakeholder relationships.
• Effective team leadership and coaching skills – building a culture of an effective, coherent, customer-centric and continuously-improving function; Leading process and cultural transformation in teams.
• Demonstrable experience of working effectively with managed suppliers and vendors.
• Proven experience of the end-to-end process of developing a comprehensive GRC strategy – from analysis to objective setting to service and architectural definition through to roadmap and business case development.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate risk and risk-related concepts to technical and nontechnical audiences at various hierarchical levels ranging from Executive Committee members to technical specialist
• Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from senior leadership.
• Demonstrable experience of leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals in a matrixed organisational structure.
How to ApplyPlease apply direct on Civil Service Jobs: https://www.civilservicejobs.service.gov.uk/csr/jobs.cgi?jcode=1651140 Before the 3rd November 2019.
20 total views, 2 today