Cyber Security Risk Lead

2 weeks ago


Birmingham, United Kingdom National Highways Full time

Your new role

Cyber Security Risk Lead

The role of the Cyber Security Risk Lead is to lead, direct and help the business identify, record, assess and mitigate cyber risks. Reporting to the Head of GRC, they will shape, define and be responsible for operating within the cyber security risk management process, working closely with directors and heads of across National Highways.
The Cyber Security Risk Lead will also lead on management of cyber security risks for National Highways to secure data and systems in accordance with policies, regulatory requirements, and standards. This is a mandatory Government requirement to manage a corporate cyber risk register. As the role is established there will be a requirement to manage a small team of risk professionals.

What you’ll be leading on
- Management and ownership of the cyber security risk register with the articulation of risks, issues, causes, scoring, owners, and mitigation plans. This is to include risk definition, risk tolerance, reporting metrics and risk monitoring.
- Proactively identify emerging risks with an excellent understanding of the business context working very closely with heads of and at times directors.
- Lead with both internal and external stakeholders to maintain an accurate threat-based risk position.
- Provide high quality risk reports, with guidance and recommendations to enable senior business owners to make the most appropriate timely risk decisions.
- Lead and direct discussions across all levels and functions regarding risk related issues and proposing effective recommendations and policies to be implemented into the current risk management framework.
- Production of materials (papers and management reporting) in the context of cyber risk for governance and committee meetings.
- Able to assess cyber risk based on threat/vulnerability and impact analysis.

To be successful
- A relevant degree or postgraduate degree.
- IT audit/risk management, with examples of managing technology risk and compliance within an organisation.
- Knowledge of NIST and ISO standards in relation to information security and business continuity.
- SME level expertise in respect to information security risk management processes, frameworks and procedures.
- Leading, planning and conducting risk assessments with internal stakeholders and partners with an understanding of the area being reviewed.
- Professional qualifications such as CISA, CISM, or CISSP.
- ISO27001 Lead Auditor or equivalent.

A bit about us

The Digital Services Directorate is a growing and vibrant team and there has never been a better time to join us as we go through our transformation programme. We are helping to transform the way National Highways operates by delivering digital, data and technology services from frontline to back office, in a modern and efficient way. Our vision is to develop integrated information and technology that empowers our colleagues and provides real time information to our customers, integration with intelligent vehicle and transport systems as they develop, to improve journey safety and reliability.

Why you should join us

At National Highways we believe in a connected country. We are passionate about creating a culture where colleagues feel connected, included and enjoy greater wellbeing to achieve this. We’re proud that as an organisation we are continually striving to do better and actively encourage and support our colleagues to do the same with their careers.

So, if you put safety first, take ownership of your work, show passion for what you do, work effectively in a team, and demonstrate integrity in how you do it - then you’ll be a great fit for our organisation.

Our benefits package
- Our total reward package includes basic salary and the potential for a performance related bonus
- Contributory pension scheme with employer contribution of up to 10%
- Annual Leave starting at 26 days (plus Bank Holidays) rising by 1 day each year up to 31 days (plus Bank Holidays)
- Flexible hours and blended working between base location/home
- Life assurance of 4 times annual salary
- Health and wellbeing support, including an Employee Assistance Programme, available 24/7 365 days and network of mental health first aiders. Plus access to a wellbeing app to enhance your self-care 24/7, Occupational health service and flu vaccines
- A cycle to work scheme for the purchase of a bicycle and equipment for healthy, low carbon travel
- Significant investment in your career development, through learning and development, talent management, coaching, mentoring and on job experience

And we are:

- Family friendly with enhanced maternity leave and pay, paternity leave (15 days), shared parental leave, adoption leave. Plus access to financial support for holiday play schemes and paid special leave (up to 5 days pa), eg for caring responsibilities
- Money friendly with access to a discounts platform including over 3000 discounts for supermarkets, eating out, leisure, holidays. Alongside a financial wellbeing programme
- Community friendly - offering paid leave to volunteer, 3 days basic/year plus an extra 3 days to support the national Covid effort
- Right to work check
- 3 year employment history references
- DBS criminal record check
- Social media and adverse journalism check
- Driving licence check (if applicable)
- Fit to work questionnaire (for all), followed by a medical check (if applicable)

And finally

And finally, we reserve the right to close before the advertisement expires.


