Risk Manager Infosec

Lowell
Leeds, West Yorkshire
Job Type: Full-time

Overview

We're Lowell. Haven't heard of us? Then let us say hello. You may not know us, but our reputation's growing. We help our customers pay off their debts in practical and affordable ways. And we do it honestly and ethically. So far, we've expanded across nine countries and generated £849m cash income pa. We're one of Europe's largest credit management companies with a mission to make credit work better for all: for clients, consumers, colleagues and communities. With combined expertise in debt purchasing, third party collections, business process outsourcing, credit management and value added services, we have expanded at an incredible rate.

Let's talk about the role.

The purpose of the role is to enable and assure that Lowell UK's most material InfoSec and IT risks and incidents are being managed effectively. Working under direction of the 'Infrastructure Senior Business Partner', this is a specialist role focussing on providing assurance via testing of key InfoSec & IT controls and making recommendations for improvement of the control environment.

Some of the accountabilities and responsibilities will include:

- Working with the Senior Risk Business Partner, provide tailored and ongoing education, guidance and support to equip partnered IT & InfoSec Functions with the knowledge and skills to proactively identify, assess, evaluate and manage risks (RCSAs) and incidents, in line with the Lowell Risk Framework
- Build a robust and sustainable risk oversight program for InfoSec risks & IT risks which will include regular testing of key InfoSec and IT controls
- Coordinate with key stakeholders to establish standards and policies, and develop KRIs for measuring and monitoring information security risk & IT risk on a continuous basis
- Assess the accuracy, completeness and sufficiency of the information security risk & IT risk oversight processes and methodologies
- Review and challenge first line risk assessments for information security risk & IT risk as part of the RCSA process
- Review InfoSec and IT risk incidents, and conduct periodic trend analysis to determine key themes and areas of focus
- Provide and perform independent assurance and validation activities over key controls
- Identify and define emerging information security & IT threats and risks to the Group
- Provide support (in an oversight and advisory capacity) on selected information security & IT remediation efforts
- Ensure the quality of risk information is complete, consistent, standardised, accurate, integrated and timely
- Participate in the development of information security & IT risk scenarios to guide the continuous improvement of the firm's internal control environment

How do we say thank you?

You have a huge impact on our success and our rewards reflect this. With us you'll get:

- A competitive salary and annual pay reviews
- An annual bonus for a job well done
- 3% flexible benefits; whether you're into fitness or extra holidays, there's something for you
- Private Health Insurance

Want more?

- Our on-site subsidised restaurants serve great food all day
- Cancel your gym membership, we have one on site - it's free
- Free parking
- A fantastic culture with more little perks along the way

What do we need from you?

- Experience in a similar risk management role
- Experience of working in a financial services environment
- Proficient in common information security domains: data protection, access control, encryption, identity management, security operations, application security, penetration tests, end-point security, vulnerability management, threat intelligence, risk assessment
- Good understanding of IT risk and Operational Resilience disciplines
- Good understanding of the tools and techniques of Risk Management
- Bachelor's and/or Master's degree in Computer Science, Engineering or relevant technical field
- Previous working experience in information security operations and relevant security design knowledge
- Ideally, has worked in a second line information security risk function
- CISSP, CISM or CISA certifications
- Background in IT Risk Assessment, IT Audit, Information security management
- Knowledge of information security regulatory requirements and environment in the financial services industry
- Solid foundation in information technology and information security principles
- Familiar with common information security frameworks and standards such as NIST, COBIT, ISO 27001 etc.
- Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations
- Ability to analyse root causes of information security issues
- Understanding of financial services, specifically within information security and data privacy related laws, regulations, frameworks and guidelines
- Professional certifications in information security such as CISSP, CISM, CRISC
- A people person with strong cross functional working experience and a great communicator, with the ability to articulate key messages across stakeholders at all levels
- Familiarity in planning and implementing risk reviews at all levels to determine whether appropriate levels of control are in place to minimise the potential impacts to the Business
- Effective relationship building and stakeholder management skills

Once you get here, you'll still be going places. We really want to work with you to make your career what you want it to be, so we offer a load of different opportunities to help you develop.

Take the next step and apply, or for more information contact the Talent Acquisition Team.