Cyber Risk Specialist

Help provide information security and cyber risk assessment to be incorporated into risk assessments, focused on specific business processes or applications.

Work alongside other global information security colleagues and architecture to ensure that cyber risk by design principles are incorporated into all designs.

Help prioritize cyber risk treatment for Company and subsidiary companies, and work with legal colleagues to determine how to maintain and improve compliance with regulatory requirements and corporate policies.

Help the information security awareness specialist in the team craft cyber risk training and awareness programs and set up and maintain a consistent cyber security breach response plan for each business unit.

Improve the quality of service provided to Company and its subsidiary companies with respect to cyber risk.

Work with the Head of Cyber Security Risk & Compliance and the International CISO as a virtual security team, to help define, regulate, and improve cyber risk processes and services.

Act as a liaison and point of contact for Cyber Security risk to Company colleagues.

Help to ensure effective execution of the Company risk management framework.

Provide advice and instructions on how to conduct cyber security risk assessments to business units.

Assist in the enhancement of existing Information Security risk processes to extend coverage and give better definition of information security assurance for Company and its subsidiary companies.

Provide input into DPIAs from a Cyber security and risk perspective to support Business and Legal colleagues in completing DPIAs.

Assist in the monitoring of information security management procedures and compliance within the company alongside the wider Cyber security community and the Head of Cyber Risk and Compliance.

Provide input to the Company Enterprise Risk Management team and assist with Cyber Security GRC activities.

Provide Cyber risk input and advice into Global Cyber Operations support and operations as needed.

Help to ensure that Cyber security risk reporting is appropriate for all audiences, so they understand the most significant risks and they are aware of risks relevant to their parts of the business whilst aiding individuals to understand their accountability for individual risks.

Participate in meetings and design workshops to ensure cyber risk by design at all levels.

Work with legal and purchasing colleagues to liaise with other organisations that process data for Company to ensure that sufficient contractual and control elements are in place, such as standard contractual clauses, information security requirements, and Data Processing Agreements etc.

Perform audits / assurance activities within the cyber risk TPRM framework and determine if Comoany need to alter our procedures to comply with regulations.

Offer consultation on how to deal with data breaches from an information security perspective.

Follow up with changes in law and issue recommendations to ensure compliance from a Cyber security perspective.

An appropriate degree, ideally in Computer Science, Risk or Security management, or equivalent work experience.

Formal Cyber Risk and Information Security Risk Management qualification or equivalent (e.g Certified ISMS Risk Management (CIS RM), CISM or equivalent) One or more of the following qualifications is highly desirable:

• Certified Information Systems Security Professional (CISSP)
• Formal ISO 27001 or similar based qualification or equivalent e.g., CISA, lead auditor, auditor

Demonstrable experience in information security governance and assurance-focussing on risk management Or solid experience of working within an information discipline with a formal information security qualification and extensive experience of data cyber risk and compliance in complicated environments.

Experience in multi-lingual environments, with effective standards of written and spoken English.

Experience of GDPR and Data Security and Protection control frameworks.

Knowledge of Cyber risk management in large complex corporate organizations.

Experience in supporting Cyber security compliance regimes.

Ability to maintain composure and continue to function effectively under pressure.

Effective presentation, communication and interpersonal skills required.

Comfortable interacting effectively at all levels of the Belron and group companies.

Subject matter expert in cyber risk identification, management, and remediation advice.

Use of formal risk management tools for third party and GRC tasks.

Skilled in working in highly complex federated management organizations.

Self- starter with the ability to work independently.

Effective verbal communication and interpersonal skills.

Effective writing and documentation skills.

Good analytical skills with the ability to tailor an approach based on data and information received.

Ability to think and plan strategically balanced against the need to deliver.

Experience of sharing best practice for Risk management.