Senior Cyber Risk Assessment Specialist

3 weeks ago


London, Greater London, United Kingdom - Pearson - Full time

Position: Senior Cyber Risk Assessment Specialist

Company: Pearson

About Pearson:

At Pearson, our mission is to 'add life to a lifetime of learning', enabling individuals to achieve their aspirations. We are dedicated to crafting engaging and impactful educational experiences that resonate in real-world scenarios. Established in 1844, Pearson has continually evolved to meet the demands of a dynamic market, with over 20,000 employees committed to delivering high-quality, digital-first, accessible, and sustainable learning resources.

About the Chief Information Security Office:

The Chief Information Security Office (CISO) at Pearson is tasked with defining and upholding the enterprise vision, strategy, and program to safeguard the confidentiality, integrity, and availability of our information assets and technologies against potential threats and vulnerabilities. Our structure comprises four essential pillars: Security Operations, Security Engineering and Architecture, Posture Management, and Governance, Risk, and Compliance.

Role Overview:

As a vital member of the Governance, Risk, and Compliance pillar within CISO, you will cultivate strong partnerships across all CISO pillars and key stakeholders within Pearson Digital and Technology and various Business Divisions. Your contributions will drive the innovation and transformation of Pearson's Security Risk and Compliance program, particularly focusing on third-party vendor and supply chain risk management. This includes developing and executing a comprehensive risk management strategy, performing thorough due diligence on third-party practices, and ensuring ongoing monitoring.

Key Responsibilities:

  • Conduct timely security evaluations of third-party suppliers, accurately documenting results and initiating appropriate assurance actions.
  • Assist in producing high-quality, informative reports regarding third-party assurance evaluations.
  • Provide expert advice and guidance to stakeholders on Information/Cyber Security Minimum Requirements for vendor assessments.
  • Collaborate with procurement, legal, and other stakeholders to ensure vendor contracts and agreements incorporate necessary security and compliance stipulations.
  • Engage in the collection of Key Risk Indicators (KRIs) and Management Information reporting on third-party cyber risks and assessments.
  • Support management with internal reporting, including updates for steering committees and senior management.
  • Develop metrics and measurements to demonstrate compliance with security frameworks.
  • Assist internal stakeholders with projects related to third-party information security.
  • Support the broader cyber risk function in third-party/vendor risk assessments.
  • Contribute to the global team's efforts in enhancing the program, implementing identified improvements to increase effectiveness and efficiency.
  • Engage with management and the wider information security community.
  • Develop expertise in third-party security requirements relevant to Pearson.
  • Stay informed about the latest cyber threats, attack vectors, and industry best practices in third-party risk management.

Essential Skills & Experience:

  • Experience in the Cyber Security domain, particularly in Governance, Risk, Compliance, and Assurance.
  • Relevant professional cyber security certifications (e.g., CISSP, CISM, CRISC, CCSP, ISO 27001 LA/LI).
  • Proven expertise with common information security management frameworks, such as ISO/IEC 27001/2, NIST 800-53, NIST CSF, CIS Top 20, and CIS benchmarks.
  • Experience in translating data privacy legal and regulatory requirements into information security terms (e.g., GDPR, CCPA, HIPAA).
  • Strong verbal and written communication skills, capable of engaging with diverse audiences including technologists, executives, and business stakeholders.
  • Demonstrated experience in designing, implementing, and managing systems and/or assurance frameworks.
  • Highly analytical with strong problem-solving capabilities.
  • A high degree of initiative, reliability, and thought leadership.

Desirable Skills & Experience:

  • Master's degree in information security or a related field, such as Information Technology.
  • Experience conducting internal audits against recognized standards and frameworks (e.g., ISO 27001, ISO 22301).
  • Experience in a similarly sized organization or consulting practice.
  • Knowledge of relevant legal and regulatory requirements, particularly in the US, UK, and EU.
  • Experience with Payment Card Industry Data Security Standards (PCI DSS) compliance in eCommerce is a plus.

Benefits:

  • 25 days of annual leave (increasing by 1 day for each year of continuous service up to 30 days); annual leave trading, +/- 5 days.
  • Annual bonus.
  • Private pension plan where we contribute double what you pay, up to 16% based on age.
  • Life, private medical, and dental care insurance options, plus free eye tests.
  • Stock/share purchase options.
  • Maternity, paternity, and family care leave, along with flexible working policies.
  • Employee wellbeing assistance program.
  • Cycle to work program, volunteering days, gym membership discounts in selected locations, and retail and leisure discounts.
  • Encouragement for staff to engage in at least 40 hours of training annually, including relevant AWS training and certification.

Flexible Working: Pearson is committed to hybrid working practices, allowing employees to manage their office attendance flexibly. Our core hours are Monday to Friday, 10 AM to 4 PM GMT/BST, accommodating personal commitments.

Diversity: At Pearson, we embrace the strength of an inclusive culture and a strong sense of belonging. We foster an environment where differences are celebrated, and opportunities are equitable and accessible.

Application Process: Thank you for considering a role at Pearson. Please submit your updated CV and an optional cover letter in English. For any questions or further information, feel free to reach out.

What to Expect from Pearson:

Did you know Pearson is recognized as one of the 10 most innovative education companies of 2022? We are on a journey to become fully digital, meeting the evolving needs of the global population with ambitious targets. Our strategic vision is supported by five business divisions that underpin the company's long-term growth: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills, and Higher Education, alongside corporate divisions in Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy, and Direct to Consumer.

We believe that diversity, equity, and inclusion enhance our innovation and vibrancy. Our focus is on building a workplace where talent can learn, grow, and thrive.


