Cybersecurity Risk Manager

2 months ago

Glasgow, Glasgow City, United Kingdom City Facilities Management Holdings Ltd Full time

Cybersecurity Risk Manager

Salary Competitive

Location: Glasgow Head Office

Shift Pattern: Days

Hours per day: Full-time

Position Overview:

This role is situated within the second line of defense, where you will lead and support the organization in effectively managing cyber risks and safeguarding information. Your primary responsibility will be to shield the organization from security threats by identifying vulnerabilities and formulating suitable risk mitigation strategies. You will provide senior management with independent assurance regarding their cyber risk and information protection status.

You will collaborate closely with the first line cyber team to ensure that business assurance plans are communicated and that the requirements of the second line are clearly understood.

Additionally, you will spearhead a defined set of cyber assurance evaluations, projects, and initiatives while striving to meet cyber assurance and compliance objectives. You will also contribute to shaping the cybersecurity strategy for data protection, monitoring and reporting, risk and threat assessment, incident response, business continuity, and disaster recovery.

Principal Tasks and Responsibilities

Monitor & Review

  • Maintain and enhance the existing information security risk management framework, articulating risks in business terms, identifying appropriate mitigation strategies, and driving their implementation to ensure the security of our information and services.
  • Collaborate with key stakeholders to prioritize technology, process, and personnel-based security initiatives to address identified risks, employing continuous improvement principles to evolve our information security delivery framework.
  • Contribute to the annual information security business plan, including audits, tests, risk assessment activities, and updates to the information security delivery framework, such as policy revisions.
  • Identify pertinent information security activities in response to changes in standards and regulations.
  • Engage with key stakeholders to prioritize information security and compliance initiatives.
  • Conduct security risk assessments and adversarial testing to establish proportional risk, advising on relevant enhancements to the information security delivery framework.
  • Ensure data security measures are in place to comply with our policies.

Respond & Remediate

  • Address information security incidents in accordance with established standards and processes, meeting or exceeding agreed KPIs.
  • Follow a regular schedule of security and data protection compliance audits and tests, taking necessary actions to mitigate any identified risks.
  • Assist in the development of the organization's disaster recovery and business continuity plan.
  • Collaborate with internal departments and external vendors to identify and mitigate information security-related risks.
  • Initiate, facilitate, and promote activities to enhance information security and data protection awareness throughout the organization and its suppliers.
  • Serve as the primary contact for supervisory authorities and individuals whose data is processed.
  • Perform various activities related to information security and compliance, including awareness-raising, training needs analysis, data migrations, security hardening, breach management, and data protection-based requests for information.
  • Provide support in business development bids, pre-qualification questionnaires, and invitation to tender responses.
  • Undertake other duties deemed appropriate for the role and skill set.

Team Management

  • Contribute to and fulfill the development hiring plan for the team, including sourcing, screening, and interviewing candidates.
  • Conduct regular one-on-one meetings with all direct reports.
  • Establish team goals and technical direction, ensuring alignment with the objectives of the Technology and Information Security roadmaps.
  • Set personal goals for each team member while ensuring alignment with team objectives.
  • Implement effective engineering processes and policies that emphasize quality and continuous improvement.
  • Act as deputy for the Head of Information Security as needed.

Knowledge, Skills & Abilities

Essential

  • Degree-level qualification or equivalent experience in cyber risk management and information protection.
  • Knowledge of cybersecurity essentials.
  • Familiarity with ISO 27001 standards.
  • Understanding of NIST Cybersecurity Framework.
  • Strong technical background in data classification and data loss prevention.
  • Experience in information security governance, policy, and procedure development.
  • Proficiency in administering Active Directory, Azure AD, Windows File Services, SharePoint, and Office 365.
  • Experience in implementing Microsoft Purview and overseeing configuration.
  • Broad technical background (database, web-based application development, infrastructure, etc.).
  • Strong risk-based analysis and decision-making skills.
  • Business acumen.
  • Ability to communicate effectively across all levels of the organization.
  • Pragmatic and adaptable approach.
  • Strong problem-solving abilities.
  • Excellent interpersonal skills.
  • Creativity and innovation.

Desirable

  • Certifications such as CISSP, CRISC, or CISM.
  • Knowledge of EU GDPR.
  • Familiarity with PCI-DSS.
  • Experience with cloud, hybrid, and global enterprise networks.
  • Understanding of audit and risk assessment processes.
  • Experience in conducting audits, developing controls, and performing risk assessments.
  • Ability to manage third-party relationships.
  • Proven ability to analyze complex business processes and technologies to provide sound recommendations to non-technical stakeholders.

About City Facilities Management Holdings Ltd

Established in 1985, City Facilities Management Holdings Ltd has grown from its modest beginnings into one of the world's most trusted facilities management companies. The organization is built on the principles of collaboration and transparency, fostering long-term, mutually beneficial partnerships with clients. Each partnership is tailored to meet the unique needs of the business, implemented through a bespoke, self-delivered model.

With over 12,000 employees and divisions across Europe, Australia, North America, and Asia, City Facilities Management has diversified its service offerings to include maintenance and engineering, technical procurement and support, cleaning, and ancillary services across various markets.

City remains committed to the core values established by its founders, emphasizing professionalism, quality, customer service, and value in all its partnerships.

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom CV Library Full time

    About the RoleWe are seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom CV Library Full time

    About the RoleWe are seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    About the Role:We are seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of Defence team. As an Information Security Manager, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats. Your expertise will guide the identification of risks and the development of...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    About the Role:We are seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of Defence team. As an Information Security Manager, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats. Your expertise will guide the identification of risks and the development of...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Resourcing Full time

    About the RoleWe are seeking an experienced Cybersecurity Risk Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Resourcing Full time

    About the RoleWe are seeking an experienced Cybersecurity Risk Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    About the RoleWe are seeking an experienced Cybersecurity Risk Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Maintain and evolve our information security risk...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    About the RoleWe are seeking an experienced Cybersecurity Risk Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Maintain and evolve our information security risk...

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a seasoned expert in cyber risk management and information protection, you will lead efforts to safeguard our business operations from evolving security threats.Key Responsibilities:Develop and lead a high-performing team, setting...

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a seasoned expert in cyber risk management and information protection, you will lead efforts to safeguard our business operations from evolving security threats.Key Responsibilities:Develop and lead a high-performing team, setting...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Clad-It Ltd Full time

    About the Role:We are seeking an experienced Information Security Manager to join our 2nd Line of Defence team at Clad-It Ltd. In this critical role, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats. Your expertise will guide the identification of risks and the development of effective mitigation plans....

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Clad-It Ltd Full time

    About the Role:We are seeking an experienced Information Security Manager to join our 2nd Line of Defence team at Clad-It Ltd. In this critical role, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats. Your expertise will guide the identification of risks and the development of effective mitigation plans....

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom CV Library Full time

    About the RoleWe are seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom CV Library Full time

    About the RoleWe are seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a key member of our cybersecurity team, you will be responsible for managing cyber risks and ensuring the business is protected from security threats.Key ResponsibilitiesMonitor and Review: Develop and maintain our information security risk...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Job Title: Information Security ManagerBe-IT is seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of Defence team. As an Information Security Manager, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats.Key Responsibilities:Maintain and evolve our information...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of defence team as an Information Security Manager. In this pivotal role, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats.Key Responsibilities:Maintain and evolve our...

  • Cybersecurity Risk Manager

    1 month ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of defence team as an Information Security Manager. In this pivotal role, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats.Key Responsibilities:Maintain and evolve our...

  • Cybersecurity Risk Manager

    4 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Job Title: Information Security ManagerBe-IT is seeking a seasoned expert in cyber risk management and information protection to join our 2nd Line of Defence team. As an Information Security Manager, you will lead efforts to manage cyber risks, ensuring the business is protected from security threats.Key Responsibilities:Maintain and evolve our information...

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a seasoned expert in cyber risk management and information protection, you will lead efforts to safeguard our business operations from evolving security threats.Key Responsibilities:Develop and lead a high-performing team, setting...

  • Cybersecurity Risk Manager

    3 weeks ago

    Glasgow, Glasgow City, United Kingdom Be-IT Full time

    Information Security ManagerBe-IT is seeking an experienced Information Security Manager to join our 2nd Line of Defence team. As a seasoned expert in cyber risk management and information protection, you will lead efforts to safeguard our business operations from evolving security threats.Key Responsibilities:Develop and lead a high-performing team, setting...