Senior Manager, Controls & Standards Governance

---

Job description

Join an established Financial Services company at the control and standards governance technology manager.

Senior Manager, Controls & Standards Governance

Responsible for Control library, Cybersecurity controls assessments and Standards Governance.

Key Responsibilities

* Lead the oversight of the Cybersecurity controls environment
* Lead the development and governance of the Cybersecurity standards
* Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance to NIST FSSCC.
* Working with Controls Owners in partnership with other Cybersecurity and Technology stakeholders, evaluate and perform an end-to-end analysis of standards and the controls library and identify significant gaps and weaknesses and determine root cause of control deficiencies.
* Develop creative and innovative solutions to manage risk, ensuring that controls and metrics are properly designed, operating effectively, and essential to a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
* Engage collaboratively With Control Owners, regardless of geographic location, providing support across Cybersecurity.
* Update controls and their associated standards and metrics, and be a proactive adviser across the three lines of defence, identifying Cybersecurity risk issues and recommending solutions.
* Monitor the health of the controls library with respect to technical and operational processes.
* Be a part of a team providing independent review of design and control effectiveness.

Leadership responsibilities

* Ongoing and periodic risk and control assessment cycles and reporting
* A fit-for-purpose Cybersecurity Controls Library using key risk metrics, indicators and industry standards.

Impact

* This will be a high-profile role responsible for supporting audit and assurance engagements.

Experience

* Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
* Cyber security qualification e.g. CISSP \/ CISM (desirable)
* Degree in Cyber, Information Security or IT management
* Demonstrable working knowledge and understanding of key cyber security controls such as Vulnerability Management, Identity & Access Management, Authentication and Authorisation systems, Data Protection, Application Security, Secure Application Development practices, Third-Party and Cloud security.
* IT and cybersecurity policies and standards
* Operational risk frameworks
* Regulatory compliance
* Technology resiliency

Leadership and management experience

* Experienced leader with 10+ years' experience in a regulated environment with risks, controls and metrics within Technology environments.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk