Purpose of Role:

Reporting to the Head of Cyber Security Risk & Compliance, this role sits in the Risk & Compliance function, which is responsible for defining, implementing, and leading risk and compliance for the Company Global Trust Organisation.

Working with the International CISO group, and alongside risk experts, the Cyber Risk Specialist is responsible for helping to build and manage the global information security’s risk program, assisting in the development of cyber risk policies for internal use, and risk statements for external use, and describing risk requirements for business partners and service providers. In this role you will also help to facilitate regulatory compliance by coordinating the information security’s approach to cyber risk and by supporting business units and legal colleagues. You will need to collaborate closely with business partners to ensure cyber risk controls are not affected adversely by other procedural or technology changes that may be implemented.


In this role you will:

• Help provide information security and cyber risk assessment to be incorporated into risk assessments, focused on specific business processes or applications.

• Work alongside other global information security colleagues and architecture to ensure that cyber risk by design principles are incorporated into all designs.

• Help prioritise cyber risk treatment for Company and subsidiary companies, and work with legal colleagues to determine how to maintain and improve compliance with regulatory requirements and corporate policies

• help the information security awareness specialist in the team craft cyber risk training and awareness programs and set up and maintain a consistent cyber security breach response plan for each business unit.

• Improve the quality of service provided to Company and its subsidiary companies with respect to cyber risk

• work with the Head of Cyber Security Risk & Compliance and the International CISO as a virtual security team, to help define, regulate, and improve cyber risk processes and services.

This role forms part of the wider strategic Cyber Security and Privacy programme being developed focusing on the reduction of risk to Company. To be successful in this role you will need the ability to balance a hands-on approach to risk from a security risk management perspective, with an ability to self-direct, prioritise and manage your workload. You will need a good knowledge of information security activities across technology, process, and governance as well as in depth cyber risk management


• Act as a liaison and point of contact for Cyber Security risk to Company colleagues

• Help to ensure effective execution of the Company risk management framework

• Provide advice and instructions on how to conduct cyber security risk assessments to business units

• Assist in the enhancement of existing Information Security risk processes to extend coverage and give better definition of information security assurance for Company and its subsidiary companies.

• Provide input into DPIAs from a Cyber security and risk perspective to support Business and Legal colleagues in completing DPIAs

• Assist in the monitoring of information security management procedures and compliance within the company alongside the wider Cyber security community and the Head of Cyber Risk and Compliance

• Provide input to the Company Enterprise Risk Management team and assist with Cyber Security GRC activities

• Provide Cyber risk input and advice into Global Cyber Operations support and operations as needed

• Help to ensure that Cyber security risk reporting is appropriate for all audiences, so they understand the most significant risks and they are aware of risks relevant to their parts of the business whilst aiding individuals to understand their accountability for individual risks

• Participate in meetings and design workshops to ensure cyber risk by design at all levels

• Work with legal and purchasing colleagues to liaise with other organisations that process data for Company to ensure that sufficient contractual and control elements are in place, such as standard contractual clauses, information security requirements, and Data Processing Agreements etc.

• Perform audits / assurance activities within the cyber risk TPRM framework and determine if Comoany need to alter our procedures to comply with regulations.

• Offer consultation on how to deal with data breaches from an information security perspective.

• Follow up with changes in law and issue recommendations to ensure compliance from a Cyber security perspective

Level of Education

• An appropriate degree, ideally in Computer Science, Risk or Security management, or equivalent work experience

• Formal Cyber Risk and Information Security Risk Management qualification or equivalent (e.g Certified ISMS Risk Management (CIS RM), CISM or equivalent) One or more of the following qualifications is highly desirable:

• Certified Information Systems Security Professional (CISSP)

• Formal ISO 27001 or similar based qualification or equivalent e.g., CISA, lead auditor, auditor

Work Experience

• Demonstrable experience in information security governance and assurance

– focussing on risk management Or solid experience of working within an information discipline with a formal information security qualification and extensive experience of data cyber risk and compliance in complicated environments

• Experience in multi-lingual environments, with effective standards of written and spoken English

• Experience of GDPR and Data Security and Protection control frameworks

• Knowledge of Cyber risk management in large complex corporate organisations

• Experience in supporting Cyber security compliance regimes.

• Ability to maintain composure and continue to function effectively under pressure.

• Effective presentation, communication and interpersonal skills required.

• Comfortable interacting effectively at all levels of the Belron and group companies.

Knowledge & Skills

• Subject matter expert in cyber risk identification, management, and remediation advice

• Use of formal risk management tools for third party and GRC tasks

• Skilled in working in highly complex federated management organisations

• Self- starter with the ability to work independently

• Effective verbal communication and interpersonal skills

• Effective writing and documentation skills.

• Good analytical skills with the ability to tailor an approach based on data and information received

• Ability to think and plan strategically balanced against the need to deliver

• Experience of sharing best practice for Risk management

This is what we offer you:

  • Permanent contract. We want you to feel part of the team and get a stable long-term relationship with us.
  • Performance evaluations and career map with annual follow-ups.
  • Medical insurance.
  • 20% Bonus salary.