Website Royal Mail
The Cyber Security Governance Lead is responsible for leading the strategy and implementation of Cyber Security at RMG, the management of governance, and reporting channels to senior stakeholders. To succeed, the role holder needs to be able to understand the Cyber Security threats facing RMG and advise on the strategies – short, medium and longer term – to mitigate the risk to all areas of the business, which involves engaging with mid and senior leaders. The role is responsible for chairing governance committees and managing outcomes with second- and third-line functions.
- Stakeholder management. Able to engage and influence mid and senior stakeholders across the business with the ability to explain complex issues in simple language, and to stimulate second- and third-order thinking (i.e. what does this information mean to us as a business and therefore our risk picture vs our appetite?). This includes chairing security meetings and presenting metrics against KPIs.
- Governance leadership. Taking the lead on defining, managing and improving governance structures and reporting channels, including chairing of key meetings, defining reporting frameworks and delivering insights to stakeholders and key meetings in order to influence decision making.
- Cyber Security Standards Management. Lead the management, communication and adoption of effective Cyber Security Standards for RMG. Ensure alignment with policies and manage exceptions to Standards in close collaboration with IT stakeholders and Second Line.
- Third Party Cyber Security management. RMG sets policies and standards for its third parties. This role ensures that we are enabling the business to succeed whilst managing Cyber Security risk within acceptable tolerances.
- Cyber Security Awareness. In partnership with the InfoSec Compliance team, contribute to the definition and delivery of a comprehensive Cyber Security Awareness Campaign ensuring continual improvement and effective monitoring.
- Technical expertise. This role will contribute to the definition and implementation of Cyber Security controls across multiple technologies, technical interdependencies and data flows.
- Ability to effectively recruit at pace and build a team of diverse thought but common mission.
- Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
- The will to succeed in support of the business’ goals and to align potentially competing agendas to effectively manage Cyber Security within the business risk appetite.
- Recognized Cyber Security related qualifications (e.g. CISSP, CISM, CRISC) desirable.
- Any relevant risk management or audit certifications (e.g. ISO 27001 lead auditor, MoR) desirable.
- Experience in developing and leading high performing small teams in technology or Cyber Security.
- Expert knowledge of Cyber Security management and practices.
- Expert knowledge and understanding of risk assessment and management methodologies.
- Ability to work at a senior level and ensure that tactical activity supports the strategic picture.
- Excellent communication skills and ability to influence at senior level.
- Commercial experience from product selection and contract negotiation through to vendor relationship and service management.
Company: Royal Mail
Vacancy Type: Full Time
Job Location: Chesterfield, England, UK
Application Deadline: N/A