Information Security Risk Manager

Job Title: Information Security Risk Manager
Location: Cardiff Bay, Wales
Salary: up to £60k per annum
Department: Information Security & Compliance
Reports To: Information Security & Compliance Manager

Your role will be to further strengthen Creditsafe’s ability to manage information security risks across our global operations. The Information Security Risk Manager will identify and assess potential information security risks, recommend mitigations and help the risk owners drive the implementation of mitigations to reduce information security risk to an acceptable level.

The Information Security Risk Manager will need to demonstrate a working knowledge of information security risk programme management, reporting metrics and how to deliver effective communications combined with an ability to engage with stakeholders at all levels of the organisation.

Key elements of the role include educating stakeholders and creating awareness of information security risks and reporting progress on information security risks to the Information Security Steering Group.

The Information Security Risk Manager will also be involved in projects to strengthen and mature the information security capabilities of the organisation. This work forms part of managing our risk in line with our ISO/IEC 27001:2013 certification.

The right person for this role will be proactive and independent-minded, resilient in the face of difficulties, with a keen eye for detail and the ability to complete tasks effectively and on time.

Key Responsibilities:

• Manage the information security risk management process (including documentation governance);
• Monitor and improve risk controls within Creditsafe, aligning with the ISO/IEC 27001:2013 standard across existing certified areas of the business;
• Manage and support expansion of new certification programmes across the business;
• Contribute to regular security and compliance risk activities including security compliance reviews;
• Undertake and manage the group information security risk management programme;
• Contribute to information security user awareness programme;
• Compile and manage group-wide security and compliance metrics reporting;
• Work with business and technical functions to align policy to practice and vice versa;
• Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks.

Essential Skills & Experience:
• Clear and concise communicator;
• Knowledge of information security and compliance frameworks such as ISO/IEC 27001;
• Ability to engage with stakeholders at all levels;
• Ability to manage and collaborate with multidisciplinary teams;
• Strong organisational skills;
• Strong Microsoft SharePoint Online, Excel, Word, PowerPoint and Visio skills;
• Strong project management skills;
• Prior experience in an information security risk management role.

Essential Qualifications & Specialist Training:
• Information security risk management qualifications (e.g. CISA, CISM or CRISC);
• Degree or equivalent combination of education and experience (e.g. in a technical area and business administration).

Desirable Qualifications & Specialist Training:
• CISSP – Certified Information Systems Security Professional;
• Recognised project management certification such as PRINCE2, APM Project Fundamentals (PFQ) or equivalent experience;
• Other relevant information security risk certifications.