Head of Security Governance Risk

Location Edinburgh
Salary Up to £0.00 per annum
Job type Contract
Reference BBBH16226_1638349459

Head of Security Governance & Risk (Security & Resilience)

To lead our client's development, oversight and delivery of 1st line risk strategies, activities and capabilities for Security & Resilience in line with appropriate good practice and regulatory requirements. To work with all areas to ensure that risk management practices related to security, resilience and technology are defined, understood and operated by the relevant teams in line with standards and policies reflecting good industry practice. To ensure that compliance and regulatory requirements related to security and resilience are understood and reflected in standards and practices across 1st line teams.
To ensure that their approach to Security & Resilience can evidence alignment with the risk appetite of the organisation across operational activities and change programme initiatives.

What Will You Do?

  • Working with the CSRO and senior leaders, enhance, develop and implement abrdn's Security & Resilience Governance framework, delivering support and oversight to relevant teams in line with global security standards, e.g. NIST, and global regulatory expectations, providing protection to customers and clients. Operate consistently with recognised professional practices and support external reviews and requests from stakeholders such as clients, regulators and auditors.
  • Maintain, develop and manage the Security & Resilience (PIR) and IT policies as part of the Enterprise Risk Management Framework. Work with 2nd line function and business area leadership to ensure they are able to provide appropriate and accurate returns for policy compliance. Provide guidance and support for development areas as required.
  • Working with the Head of Operational Resilience, design and establish reporting and metrics across all Security & Resilience domains, ensuring that there is timely and relevant visibility and reporting for senior teams and boards.
  • Act as senior lead interface across technology and security to External Audit for annual controls auditing, statutory audit and any other external audit requirement.
  • Work collaboratively as a member of the SRP leadership team driving continuous improvement, supporting business areas across all areas of SRP and driving a focus on risk reduction.
  • Actively lead, develop, coach and mentor a team to maximise performance and engagement and ensure employees are fairly rewarded.
  • Lead and manage the third-party assurance approach and operational service for the domains of Information Security, Physical Security, Data Privacy, Business Continuity, Disaster Recovery and IT. Ensure that the service is aligned with good practice, takes a risk-based approach and drives efficiency and automation to allow increased coverage and relevance of assessments across an extensive supply chain. Processes and output to be aligned with wider Third Party Risk Management strategy and appropriate regulatory requirements.
  • Own, develop and embed Records Management policies, and support business areas to understand and adopt the practices in line with policy, their obligations and good industry standards.
  • Provide support and guidance to end user areas for EUC and to deploy supporting tools. Outcome is better managed EUC applications consistent with required standards and lowering overall risk.
  • Lead projects and initiatives across SRP function or wider areas of COO function as appropriate, identified by Exec or in response to strategic risks or critical issues.



What You'll Need

Skills

  • Demonstrable knowledge of industry standards and practices across Security, Resilience and Technology Risk.
  • Demonstrable knowledge and experience across areas of security, resilience and technology including implementation of large-scale complex change, IT service, information security.
  • Good knowledge of financial markets, understanding the current demands of the market and ensuring delivery of operational resilience requirements in an evolving and complex environment.
  • Ability to interpret complex business issues and identify cost effective solutions for effective and practical mitigation and recovery plans.
  • Exceptional communication and presentation skills, excellent influencing and negotiation skills
  • Complex stakeholder management including C-Suite across the business, operational resilience professionals, senior leadership and Executive teams within the organisation.
  • Ability to work in a diverse and inclusive organisation and promote these values
  • Ability to understand and participate in complex projects and influence positive progressive solutions.
  • Ability to handle a diverse range of priorities and tasks in parallel on own and within a broader team.
  • Ability to adapt to and contribute to change in a positive and constructive manner
  • Ability to remain calm under pressure and handle difficult situations with tact and diplomacy



Knowledge

  • Strong understanding of IT, Security and associated practices in large organisations.
  • Strong understanding of risk management practices and how they apply in financial services organisations.
  • Fully conversant with all aspects of Security, Resilience and Technology Risk and relevant industry standards
  • Knowledge of the impact of regulation on security and resilience matters
  • Strong understanding and confidence in utilising leadership and management skills


Experience

  • Experience in rolling out complex programmes across multiple stakeholders
  • Experience in effectively managing executive level and senior stakeholders
  • Experience in dealing with complex regulatory communication and negotiation
  • Demonstrable track record of leading implementation and development work in areas of Security and Resilience and influencing wider organisation change in these areas.
  • Building and developing teams of experienced subject matter experts.

ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.