Challenge yourself and change lives, transforming complex systems and essential infrastructure that everyone relies on. Our ServiceNow Technical Design & Developer are trusted to work closely with a wide range of clients on exciting projects with real-world purpose and impact. CGI was recognised in the Sunday Times Best Places to Work List 2024 and has been named one of the 'World's Best Employers' by Forbes magazine. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a member not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. We are happy to discuss remote or hybrid working. Your future duties and responsibilities The ServiceNow Technical Design & Developer will play a key role in configuring new and existing environments. This individual will be a technical designer for ServiceNow code and architecture, and work with architects and implementation consultants in order to build solutions and processes, supporting maintenance, continual service improvement, and new capabilities on the ServiceNow platform. In this role, you will design, prototype, implement, and deploy innovative solutions, including business rules, client scripts, UI pages, scheduled jobs, import sets, and custom integrations such as SSO, CMDB, and SaaS connectors. You'll also integrate legacy systems with ServiceNow using advanced tools like mid-server, web services, and ChatOps. You will lead the development of both existing and custom applications within ServiceNow, including creating a seamless Service Portal and Service Catalog experience. With a focus on maintaining a highly available and recoverable environment, you'll use update sets to migrate customizations across instances and provide advanced administrative support, troubleshooting, and bug fixes while documenting and updating operational policies. Collaboration is key in this role-you'll work closely with process managers to understand business needs, identify pain points, and drive improvements. Your commitment to continuous learning and staying at the forefront of ServiceNow best practices will ensure our platform remains cutting-edge. If you thrive in a dynamic environment and are passionate about leveraging your ServiceNow expertise to deliver impactful solutions, we want to hear from you! Required qualifications to be successful in this role We're looking for a range of the following skills and experiences: • Demonstrable experience of ServiceNow development and IT service management process design • ServiceNow System Admin Certification • ServiceNow Implementation Certifications, i.e. the platform, ITSM, CSM, ITBM, ITOM, HRSD, SecOps and GRC • Overarching understanding of ServiceNow Enterprise product suite • Fundamental understanding of the key technologies relevant to the ServiceNow integration solutions including: ServiceNow API's, SSO, SAML, SSL, Web Services, LDAP, JDBC, ODBC, REST, SCP, FTPS • Ability to apply business concepts into a technical solution • Web portal development skills, such as HTML, CSS, Angular JS, bootstrap • Experience implementing the following Core Process Areas: Incident, Problem, Change, Service Catalogue, Request, and CMDB • Ability to create reports using the standard reporting engine, plus metrics and SLAs • Follow ServiceNow best practices (including scripting, security, implementation) • Display aptitude in learning new modules based on training materials • Experience with collaboration across functional borders enterprise-wise (i.e. within and outside of IT) • ITIL foundation certification Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
Feb 06, 2025
Full time
Challenge yourself and change lives, transforming complex systems and essential infrastructure that everyone relies on. Our ServiceNow Technical Design & Developer are trusted to work closely with a wide range of clients on exciting projects with real-world purpose and impact. CGI was recognised in the Sunday Times Best Places to Work List 2024 and has been named one of the 'World's Best Employers' by Forbes magazine. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a member not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. We are happy to discuss remote or hybrid working. Your future duties and responsibilities The ServiceNow Technical Design & Developer will play a key role in configuring new and existing environments. This individual will be a technical designer for ServiceNow code and architecture, and work with architects and implementation consultants in order to build solutions and processes, supporting maintenance, continual service improvement, and new capabilities on the ServiceNow platform. In this role, you will design, prototype, implement, and deploy innovative solutions, including business rules, client scripts, UI pages, scheduled jobs, import sets, and custom integrations such as SSO, CMDB, and SaaS connectors. You'll also integrate legacy systems with ServiceNow using advanced tools like mid-server, web services, and ChatOps. You will lead the development of both existing and custom applications within ServiceNow, including creating a seamless Service Portal and Service Catalog experience. With a focus on maintaining a highly available and recoverable environment, you'll use update sets to migrate customizations across instances and provide advanced administrative support, troubleshooting, and bug fixes while documenting and updating operational policies. Collaboration is key in this role-you'll work closely with process managers to understand business needs, identify pain points, and drive improvements. Your commitment to continuous learning and staying at the forefront of ServiceNow best practices will ensure our platform remains cutting-edge. If you thrive in a dynamic environment and are passionate about leveraging your ServiceNow expertise to deliver impactful solutions, we want to hear from you! Required qualifications to be successful in this role We're looking for a range of the following skills and experiences: • Demonstrable experience of ServiceNow development and IT service management process design • ServiceNow System Admin Certification • ServiceNow Implementation Certifications, i.e. the platform, ITSM, CSM, ITBM, ITOM, HRSD, SecOps and GRC • Overarching understanding of ServiceNow Enterprise product suite • Fundamental understanding of the key technologies relevant to the ServiceNow integration solutions including: ServiceNow API's, SSO, SAML, SSL, Web Services, LDAP, JDBC, ODBC, REST, SCP, FTPS • Ability to apply business concepts into a technical solution • Web portal development skills, such as HTML, CSS, Angular JS, bootstrap • Experience implementing the following Core Process Areas: Incident, Problem, Change, Service Catalogue, Request, and CMDB • Ability to create reports using the standard reporting engine, plus metrics and SLAs • Follow ServiceNow best practices (including scripting, security, implementation) • Display aptitude in learning new modules based on training materials • Experience with collaboration across functional borders enterprise-wise (i.e. within and outside of IT) • ITIL foundation certification Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
Role: Sales Support Executive / Business Support Executive Location: Glasgow - Hybrid model (2 days office) Salary: 40,000 - 60,000 per annum The role: As a Sales Support Executive, you will play a crucial role in supporting the Account Management function. Your efforts will allow Account Managers to focus on generating ARR and building strong relationships. You will be the backbone of the client reporting platform, working closely with the Senior members of the team to design, develop, and deliver reports for QBR, EBR, and Leadership meetings. Your expertise will also be invaluable in assisting Account Managers with additional reporting requirements. In this role, you will be the first point of contact for internal finance queries, collaborating with Finance colleagues to resolve minor client issues. Your collaboration with the Marketing team will ensure that our key accounts receive appropriate coverage in our initiatives. You will also engage early with clients and Account Managers on renewals, working towards moving clients to longer-term agreements and maximising value from our contractual obligations. Your role will extend to liaising with our Governance, Risk, and Compliance (GRC) team to ensure timely provision of required reports, Pen Tests, and security certifications. Additionally, you will assist with the smooth running of Expansion-led ad-hoc projects as they arise. About you: To excel in this role you will have a proven background in a sales, revenue, or account support role. You should possess strong reporting skills and a solid understanding of sales tooling, including Salesforce or Gainsight ideally and be well versed in O365. Ideally have a background in Financial Services, Insurance, Payments or Investment Management and ideally have worked with an organisation delivering SaaS into these sectors. Your knowledge of revenue operations processes and the customer lifecycle, from lead generation to opportunity conversion, will be essential. Excellent communication, problem-solving, and project management skills are a must, along with the ability to work collaboratively across multiple teams. We are looking for someone who is customer-centric, adaptable, and confident in a data-driven environment. You should be committed to ensuring alignment and awareness of revenue goals, fostering strong relationships, and working collaboratively across teams. In return: If you are ready to be part of a dynamic team that is driving innovation across a number of key products, then we would love to hear from you. In return there is a Salary ranging 40,000 - 60,000 per annum plus an extensive benefit which includes bonus, pension, generous holidays and an additional 3.5k of perks. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Feb 06, 2025
Full time
Role: Sales Support Executive / Business Support Executive Location: Glasgow - Hybrid model (2 days office) Salary: 40,000 - 60,000 per annum The role: As a Sales Support Executive, you will play a crucial role in supporting the Account Management function. Your efforts will allow Account Managers to focus on generating ARR and building strong relationships. You will be the backbone of the client reporting platform, working closely with the Senior members of the team to design, develop, and deliver reports for QBR, EBR, and Leadership meetings. Your expertise will also be invaluable in assisting Account Managers with additional reporting requirements. In this role, you will be the first point of contact for internal finance queries, collaborating with Finance colleagues to resolve minor client issues. Your collaboration with the Marketing team will ensure that our key accounts receive appropriate coverage in our initiatives. You will also engage early with clients and Account Managers on renewals, working towards moving clients to longer-term agreements and maximising value from our contractual obligations. Your role will extend to liaising with our Governance, Risk, and Compliance (GRC) team to ensure timely provision of required reports, Pen Tests, and security certifications. Additionally, you will assist with the smooth running of Expansion-led ad-hoc projects as they arise. About you: To excel in this role you will have a proven background in a sales, revenue, or account support role. You should possess strong reporting skills and a solid understanding of sales tooling, including Salesforce or Gainsight ideally and be well versed in O365. Ideally have a background in Financial Services, Insurance, Payments or Investment Management and ideally have worked with an organisation delivering SaaS into these sectors. Your knowledge of revenue operations processes and the customer lifecycle, from lead generation to opportunity conversion, will be essential. Excellent communication, problem-solving, and project management skills are a must, along with the ability to work collaboratively across multiple teams. We are looking for someone who is customer-centric, adaptable, and confident in a data-driven environment. You should be committed to ensuring alignment and awareness of revenue goals, fostering strong relationships, and working collaboratively across teams. In return: If you are ready to be part of a dynamic team that is driving innovation across a number of key products, then we would love to hear from you. In return there is a Salary ranging 40,000 - 60,000 per annum plus an extensive benefit which includes bonus, pension, generous holidays and an additional 3.5k of perks. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the world's leading online games companies? This position will report to the Director of Cyber Security to ensure the company's information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes. What you'll be doing: GRC Framework Development: Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GDPR. Manage and update the information security policies, ensuring they are current and relevant to evolving risks. Ensure alignment with legal, regulatory, and contractual obligations specific to the game development industry. Oversee the creation, implementation, and regular review of security policies, standards, and procedures. Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforced. Risk Management: Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastructure. Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation efforts. Compliance & Audit Management: Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disruption. Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operations. Stay informed of industry trends and changes in regulations that may impact security compliance efforts. Training & Awareness: Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development practices. Ensure continuous education across the company on security policies, risks, and compliance. Vendor & Third-Party Risk Management: Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company's security policies. Oversee the third-party risk management process, conducting vendor security assessments and managing associated risks. What you'll need: Extensive experience in a GRC role within the gaming, technology, or software development industries. Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR, etc.). Knowledge & Skills: Deep understanding of governance, risk, and compliance processes as they relate to game development. Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2, and GDPR. Experience leading security audits and working with both internal and external auditors. Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation efforts. Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stakeholders. Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer. Soft Skills: Strong leadership and project management abilities, with a track record of managing cross-functional teams. High attention to detail, proactive in identifying risks, and a solution-oriented approach. Ability to thrive in a dynamic, fast-paced game development environment. What we offer: Private Healthcare, including Dental Plan. Minimum 6% Pension contributions. Employee Assistance Programme & onsite Counselling. Life Insurance. Discretionary annual performance bonus. Enhanced family leave policies from day 1. Flexible working hours. 25 days annual leave + Bank holidays & the option to buy/sell holidays + so much more! Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holiday period. This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during this time. Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and socialise. Flexibility really is the key to how we set up working schedules, we'll discuss your needs with you and be transparent about the working schedules of the team you'll be working with during our interview process. About Jagex: Make forever games with us. Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we redefine expectations for what evergreen success looks like. We create spaces for our players to come together - with each other and with us - inside and outside of our games. We empower our players with real influence on the game's evolution. We help our players belong. Our community experiences give players a greater stake in what they're playing, creating loyal forever fans. These strengths inform our vision of our studio as a thriving international games company with a growing library of forever game IPs for core gamers. Our forever games will nurture sizable communities whose loyalty provides consistent revenues. This in turn drives our mission: We create forever fans by empowering our community. We give players experiences worthy of their long-term time investment and actively collaborate with them to shape the games and the community for the better. If this is something you want to be a part of, get in touch. We have 500 of the industry's most talented individuals in our Cambridge studio; if you share our values and ambition, we'd love to talk to you. Worried you don't meet all the requirements in the spec? Your attitude, fresh perspective and experience is just as important to us; if you think this could be the perfect job for you, let's talk.
Feb 04, 2025
Full time
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the world's leading online games companies? This position will report to the Director of Cyber Security to ensure the company's information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes. What you'll be doing: GRC Framework Development: Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GDPR. Manage and update the information security policies, ensuring they are current and relevant to evolving risks. Ensure alignment with legal, regulatory, and contractual obligations specific to the game development industry. Oversee the creation, implementation, and regular review of security policies, standards, and procedures. Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforced. Risk Management: Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastructure. Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation efforts. Compliance & Audit Management: Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disruption. Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operations. Stay informed of industry trends and changes in regulations that may impact security compliance efforts. Training & Awareness: Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development practices. Ensure continuous education across the company on security policies, risks, and compliance. Vendor & Third-Party Risk Management: Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company's security policies. Oversee the third-party risk management process, conducting vendor security assessments and managing associated risks. What you'll need: Extensive experience in a GRC role within the gaming, technology, or software development industries. Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR, etc.). Knowledge & Skills: Deep understanding of governance, risk, and compliance processes as they relate to game development. Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2, and GDPR. Experience leading security audits and working with both internal and external auditors. Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation efforts. Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stakeholders. Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer. Soft Skills: Strong leadership and project management abilities, with a track record of managing cross-functional teams. High attention to detail, proactive in identifying risks, and a solution-oriented approach. Ability to thrive in a dynamic, fast-paced game development environment. What we offer: Private Healthcare, including Dental Plan. Minimum 6% Pension contributions. Employee Assistance Programme & onsite Counselling. Life Insurance. Discretionary annual performance bonus. Enhanced family leave policies from day 1. Flexible working hours. 25 days annual leave + Bank holidays & the option to buy/sell holidays + so much more! Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holiday period. This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during this time. Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and socialise. Flexibility really is the key to how we set up working schedules, we'll discuss your needs with you and be transparent about the working schedules of the team you'll be working with during our interview process. About Jagex: Make forever games with us. Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we redefine expectations for what evergreen success looks like. We create spaces for our players to come together - with each other and with us - inside and outside of our games. We empower our players with real influence on the game's evolution. We help our players belong. Our community experiences give players a greater stake in what they're playing, creating loyal forever fans. These strengths inform our vision of our studio as a thriving international games company with a growing library of forever game IPs for core gamers. Our forever games will nurture sizable communities whose loyalty provides consistent revenues. This in turn drives our mission: We create forever fans by empowering our community. We give players experiences worthy of their long-term time investment and actively collaborate with them to shape the games and the community for the better. If this is something you want to be a part of, get in touch. We have 500 of the industry's most talented individuals in our Cambridge studio; if you share our values and ambition, we'd love to talk to you. Worried you don't meet all the requirements in the spec? Your attitude, fresh perspective and experience is just as important to us; if you think this could be the perfect job for you, let's talk.
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the world's leading online games companies? This position will report to the Director of Cyber Security to ensure the company's information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes. What you'll be doing: GRC Framework Development: Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GDPR. Manage and update the information security policies, ensuring they are current and relevant to evolving risks. Ensure alignment with legal, regulatory, and contractual obligations specific to the game development industry. Oversee the creation, implementation, and regular review of security policies, standards, and procedures. Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforced. Risk Management: Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastructure. Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation efforts. Compliance & Audit Management: Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disruption. Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operations. Stay informed of industry trends and changes in regulations that may impact security compliance efforts. Training & Awareness: Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development practices. Ensure continuous education across the company on security policies, risks, and compliance. Vendor & Third-Party Risk Management: Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company's security policies. Oversee the third-party risk management process, conducting vendor security assessments and managing associated risks. What you'll need: Extensive experience in a GRC role within the gaming, technology, or software development industries. Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR, etc.). Knowledge & Skills: Deep understanding of governance, risk, and compliance processes as they relate to game development. Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2, and GDPR. Experience leading security audits and working with both internal and external auditors. Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation efforts. Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stakeholders. Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer. Soft Skills: Strong leadership and project management abilities, with a track record of managing cross-functional teams. High attention to detail, proactive in identifying risks, and a solution-oriented approach. Ability to thrive in a dynamic, fast-paced game development environment. What we offer: Private Healthcare, including Dental Plan. Minimum 6% Pension contributions. Employee Assistance Programme & onsite Counselling. Life Insurance. Discretionary annual performance bonus. Enhanced family leave policies from day 1. Flexible working hours. 25 days annual leave + Bank holidays & the option to buy/sell holidays + so much more! Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holiday period. This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during this time. Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and socialise. Flexibility really is the key to how we set up working schedules, we'll discuss your needs with you and be transparent about the working schedules of the team you'll be working with during our interview process. About Jagex: Make forever games with us. Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we redefine expectations for what evergreen success looks like. We create spaces for our players to come together - with each other and with us - inside and outside of our games. We empower our players with real influence on the game's evolution. We help our players belong. Our community experiences give players a greater stake in what they're playing, creating loyal forever fans. If this is something you want to be a part of, get in touch. We have 500 of the industry's most talented individuals in our Cambridge studio; if you share our values and ambition, we'd love to talk to you. Worried you don't meet all the requirements in the spec? Your attitude, fresh perspective and experience is just as important to us; if you think this could be the perfect job for you, let's talk.
Feb 04, 2025
Full time
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the world's leading online games companies? This position will report to the Director of Cyber Security to ensure the company's information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes. What you'll be doing: GRC Framework Development: Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GDPR. Manage and update the information security policies, ensuring they are current and relevant to evolving risks. Ensure alignment with legal, regulatory, and contractual obligations specific to the game development industry. Oversee the creation, implementation, and regular review of security policies, standards, and procedures. Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforced. Risk Management: Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastructure. Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation efforts. Compliance & Audit Management: Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disruption. Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operations. Stay informed of industry trends and changes in regulations that may impact security compliance efforts. Training & Awareness: Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development practices. Ensure continuous education across the company on security policies, risks, and compliance. Vendor & Third-Party Risk Management: Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company's security policies. Oversee the third-party risk management process, conducting vendor security assessments and managing associated risks. What you'll need: Extensive experience in a GRC role within the gaming, technology, or software development industries. Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR, etc.). Knowledge & Skills: Deep understanding of governance, risk, and compliance processes as they relate to game development. Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2, and GDPR. Experience leading security audits and working with both internal and external auditors. Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation efforts. Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stakeholders. Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer. Soft Skills: Strong leadership and project management abilities, with a track record of managing cross-functional teams. High attention to detail, proactive in identifying risks, and a solution-oriented approach. Ability to thrive in a dynamic, fast-paced game development environment. What we offer: Private Healthcare, including Dental Plan. Minimum 6% Pension contributions. Employee Assistance Programme & onsite Counselling. Life Insurance. Discretionary annual performance bonus. Enhanced family leave policies from day 1. Flexible working hours. 25 days annual leave + Bank holidays & the option to buy/sell holidays + so much more! Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holiday period. This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during this time. Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and socialise. Flexibility really is the key to how we set up working schedules, we'll discuss your needs with you and be transparent about the working schedules of the team you'll be working with during our interview process. About Jagex: Make forever games with us. Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we redefine expectations for what evergreen success looks like. We create spaces for our players to come together - with each other and with us - inside and outside of our games. We empower our players with real influence on the game's evolution. We help our players belong. Our community experiences give players a greater stake in what they're playing, creating loyal forever fans. If this is something you want to be a part of, get in touch. We have 500 of the industry's most talented individuals in our Cambridge studio; if you share our values and ambition, we'd love to talk to you. Worried you don't meet all the requirements in the spec? Your attitude, fresh perspective and experience is just as important to us; if you think this could be the perfect job for you, let's talk.
Are you an Information Security expert looking to work for one of the UK's largest charities? British Heart Foundation (BHF) is undergoing a digital transformation and seeking an Information Security Manager to oversee Governance, Risk, and Compliance (GRC) within the security team and ensure regulatory and policy compliance. Joining a dynamic and growing information security team at an exciting point in the charities history you ll collaborate with teams across British Heart Foundation (BHF) to protect BHF s objectives and integrity. Responsibilities include risk identification, assessment, mitigation, and maintaining a robust governance framework. You ll also manage the Information Security GRC team, enhancing security, compliance, and risk posture in line with industry standards while maintaining ethical practices. Working arrangements This is a blended role, where your work will be dual located between your home and our London office. At BHF we believe in the power of being together, so our colleagues on blended contracts can expect to spend some time in their office, at least one day each week, on average. The use of our office spaces is driven in part by your role and the activities you need to do. This may vary from time to time, so you will need to work in a flexible way to unlock your best work for our cause. About you This opportunity would suit an experienced GRC professional who excels in a collaborative environment and has hands-on risk management and reporting experience. You ll have strong knowledge and experience of working with the following: • Payment Card Industry Data Security Standard (PCI-DSS) for a Tier 1 merchant • General Data Protection Regulation (GDPR) • NIST Cybersecurity Framework (CSF) v2.0 • Critical Security Controls Libraries such as CIS Controls • Cyber Essential Plus (CEP) With proven experience in managing and delivering complex GRC activities within a fast-paced and dynamic security domain, you ll have previous experience of working within a risk management framework as well as Cloud Security governance. To be successful in this role you ll also have the following skills and experience: • Effective at building relationships across a large complex organisation and influencing stakeholders. • Excellent communication and presentation skills, able to translate complex security-related matters into terms that are easily understood by colleagues. • Planning skills to develop a governance risk and compliance roadmap to be executed by the GRC team. • Excellent analytical and problem-solving skills. • Able to manage multiple tasks and meet deadlines in a fast-paced environment. About us At BHF, we are focused on the urgent need to fund more research into heart and circulatory diseases like heart diseases, stroke, vascular dementia and the conditions that cause them, to find answers fit for 21st century challenges. We are independent, have more than fifty years of breakthroughs under our belts and we won t stop until we beat heartbreak forever. We value and respect every individual s unique contribution, celebrate diversity, and make inclusion part of what we do every day. Our Equality, Diversity and Inclusion (EDI) Strategy, Igniting Change, along with our internal EDI group, Kaleidoscope, and a growing number of employee network groups (our Affinity Groups), help us create an environment where all our colleagues and volunteers can succeed.
Feb 03, 2025
Full time
Are you an Information Security expert looking to work for one of the UK's largest charities? British Heart Foundation (BHF) is undergoing a digital transformation and seeking an Information Security Manager to oversee Governance, Risk, and Compliance (GRC) within the security team and ensure regulatory and policy compliance. Joining a dynamic and growing information security team at an exciting point in the charities history you ll collaborate with teams across British Heart Foundation (BHF) to protect BHF s objectives and integrity. Responsibilities include risk identification, assessment, mitigation, and maintaining a robust governance framework. You ll also manage the Information Security GRC team, enhancing security, compliance, and risk posture in line with industry standards while maintaining ethical practices. Working arrangements This is a blended role, where your work will be dual located between your home and our London office. At BHF we believe in the power of being together, so our colleagues on blended contracts can expect to spend some time in their office, at least one day each week, on average. The use of our office spaces is driven in part by your role and the activities you need to do. This may vary from time to time, so you will need to work in a flexible way to unlock your best work for our cause. About you This opportunity would suit an experienced GRC professional who excels in a collaborative environment and has hands-on risk management and reporting experience. You ll have strong knowledge and experience of working with the following: • Payment Card Industry Data Security Standard (PCI-DSS) for a Tier 1 merchant • General Data Protection Regulation (GDPR) • NIST Cybersecurity Framework (CSF) v2.0 • Critical Security Controls Libraries such as CIS Controls • Cyber Essential Plus (CEP) With proven experience in managing and delivering complex GRC activities within a fast-paced and dynamic security domain, you ll have previous experience of working within a risk management framework as well as Cloud Security governance. To be successful in this role you ll also have the following skills and experience: • Effective at building relationships across a large complex organisation and influencing stakeholders. • Excellent communication and presentation skills, able to translate complex security-related matters into terms that are easily understood by colleagues. • Planning skills to develop a governance risk and compliance roadmap to be executed by the GRC team. • Excellent analytical and problem-solving skills. • Able to manage multiple tasks and meet deadlines in a fast-paced environment. About us At BHF, we are focused on the urgent need to fund more research into heart and circulatory diseases like heart diseases, stroke, vascular dementia and the conditions that cause them, to find answers fit for 21st century challenges. We are independent, have more than fifty years of breakthroughs under our belts and we won t stop until we beat heartbreak forever. We value and respect every individual s unique contribution, celebrate diversity, and make inclusion part of what we do every day. Our Equality, Diversity and Inclusion (EDI) Strategy, Igniting Change, along with our internal EDI group, Kaleidoscope, and a growing number of employee network groups (our Affinity Groups), help us create an environment where all our colleagues and volunteers can succeed.
Career Opportunities: Information Security GRC Manager (FTC) (10652) Requisition ID 10652 - Posted - Technology - London JOB TITLE: INFORMATION SECURITY GRC MANAGER DEPARTMENT: TECHNOLOGY LOCATION: MARBLE ARCH, LONDON REPORTING TO: HEAD OF INFORMATION SECURITY TYPE OF CONTRACT: 12 MONTH FTC PLACES, PEOPLE, PREFER Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long-term, sustainable basis. We are a FTSE 100 business with a strong balance sheet and £13bn of assets under management. But with just 600 employees, you're given the ability to make a big impact and elevate your career quickly. Our diverse, passionate team of experts works on some of the most ambitious, innovative, and sustainable projects in the country - from our high-quality campuses across central London to some of the top retail schemes in the UK - providing a rewarding career journey where you can shape how you grow. We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you've come to the right place! In our recent engagement survey, 93% of our employees stated they were proud to work for British Land! THE ROLE Reporting to the Head of Information Security, the primary responsibility of this role is to oversee the development, implementation, and management of British Land's information security governance, risk, and compliance programs. This role ensures that the organisation's information security practices align with regulatory requirements, industry standards, and best practices. The GRC Manager will work closely with various departments to identify, assess, and mitigate information security risks. The ideal candidate will have proven experience in cyber security principles and be proactive in identifying and responding to security threats. WHAT YOU'LL DO Assisting with the support of technologies in the following categories: Governance: Develop and maintain information security policies, standards, and procedures. Ensure alignment of security policies with business objectives and regulatory requirements. Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures. Complete security assessments for third-party suppliers, assets (buildings/Retail), and projects to ensure adherence to cyber security policies and standards. Deliver and maintain the Supplier Risk Assessment process. Identify and assess information security risks across the organisation and maintain the risk register. Develop and implement risk mitigation strategies and action plans. Conduct regular risk assessments and audits to ensure compliance with security policies and standards. Monitor and report on the status of risk management activities. Compliance: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Coordinate and support internal and external audits and assessments. Develop and deliver security awareness and training programs to employees. Maintain documentation and evidence of compliance activities. ADVOCACY: Articulate the need for information security and compliance. Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives. Responsible for delivery of infosec controls which are effectively designed and implemented. Identify security gaps and work with stakeholders to clearly define remediation actions. Provide guidance and support to business units on security-related matters. Manage security awareness training courses, rollout, liaison with the Training team, arrange phishing tests and metrics, and provide remediation training in person to required employees. Manage Information Security SteerCo meetings, take minutes, organize meetings and actions, and support the committee in the role of Secretary. Support Technology projects with security analysis on any proposed solutions and ensure any risks are highlighted and addressed as part of the project. Liaise with stakeholders regarding cyber security issues and provide future recommendations. Research and generate reports for both technical and non-technical staff and stakeholders. Provide advice and guidance to staff on information security related issues. Define and monitor security policies and best practice standards. ABOUT YOU Strong written and oral communication skills. Passionate about Information Security and proactive in recommending ways to further improve our security posture. Self-motivated problem solver. Strong time management and organisational skills. Pragmatic - making the best of the tools that we have and getting the best out of them. Recognise the balance between security and productivity. Understanding of Information Security Risk Management concepts. Experience of working collaboratively within an IT department. OUR SHARED VALUES Our values are what we stand for at British Land; they're not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture. Our People - Just ask anyone why they love working here and they will tell you it's the people. They're highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market-leading benefits here. OUR RECRUITMENT PROCESS If you enjoy bringing your whole self to work, share our values, and are excited about our purpose, we'd love to hear from you! We are committed to providing an accessible and inclusive process; learn more about our selection process here. Please note that we endeavour to get back to all applicants within 28 days. If you haven't heard from us within this period, please assume that you have been unsuccessful on this occasion.
Feb 02, 2025
Full time
Career Opportunities: Information Security GRC Manager (FTC) (10652) Requisition ID 10652 - Posted - Technology - London JOB TITLE: INFORMATION SECURITY GRC MANAGER DEPARTMENT: TECHNOLOGY LOCATION: MARBLE ARCH, LONDON REPORTING TO: HEAD OF INFORMATION SECURITY TYPE OF CONTRACT: 12 MONTH FTC PLACES, PEOPLE, PREFER Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long-term, sustainable basis. We are a FTSE 100 business with a strong balance sheet and £13bn of assets under management. But with just 600 employees, you're given the ability to make a big impact and elevate your career quickly. Our diverse, passionate team of experts works on some of the most ambitious, innovative, and sustainable projects in the country - from our high-quality campuses across central London to some of the top retail schemes in the UK - providing a rewarding career journey where you can shape how you grow. We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you've come to the right place! In our recent engagement survey, 93% of our employees stated they were proud to work for British Land! THE ROLE Reporting to the Head of Information Security, the primary responsibility of this role is to oversee the development, implementation, and management of British Land's information security governance, risk, and compliance programs. This role ensures that the organisation's information security practices align with regulatory requirements, industry standards, and best practices. The GRC Manager will work closely with various departments to identify, assess, and mitigate information security risks. The ideal candidate will have proven experience in cyber security principles and be proactive in identifying and responding to security threats. WHAT YOU'LL DO Assisting with the support of technologies in the following categories: Governance: Develop and maintain information security policies, standards, and procedures. Ensure alignment of security policies with business objectives and regulatory requirements. Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures. Complete security assessments for third-party suppliers, assets (buildings/Retail), and projects to ensure adherence to cyber security policies and standards. Deliver and maintain the Supplier Risk Assessment process. Identify and assess information security risks across the organisation and maintain the risk register. Develop and implement risk mitigation strategies and action plans. Conduct regular risk assessments and audits to ensure compliance with security policies and standards. Monitor and report on the status of risk management activities. Compliance: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Coordinate and support internal and external audits and assessments. Develop and deliver security awareness and training programs to employees. Maintain documentation and evidence of compliance activities. ADVOCACY: Articulate the need for information security and compliance. Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives. Responsible for delivery of infosec controls which are effectively designed and implemented. Identify security gaps and work with stakeholders to clearly define remediation actions. Provide guidance and support to business units on security-related matters. Manage security awareness training courses, rollout, liaison with the Training team, arrange phishing tests and metrics, and provide remediation training in person to required employees. Manage Information Security SteerCo meetings, take minutes, organize meetings and actions, and support the committee in the role of Secretary. Support Technology projects with security analysis on any proposed solutions and ensure any risks are highlighted and addressed as part of the project. Liaise with stakeholders regarding cyber security issues and provide future recommendations. Research and generate reports for both technical and non-technical staff and stakeholders. Provide advice and guidance to staff on information security related issues. Define and monitor security policies and best practice standards. ABOUT YOU Strong written and oral communication skills. Passionate about Information Security and proactive in recommending ways to further improve our security posture. Self-motivated problem solver. Strong time management and organisational skills. Pragmatic - making the best of the tools that we have and getting the best out of them. Recognise the balance between security and productivity. Understanding of Information Security Risk Management concepts. Experience of working collaboratively within an IT department. OUR SHARED VALUES Our values are what we stand for at British Land; they're not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture. Our People - Just ask anyone why they love working here and they will tell you it's the people. They're highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market-leading benefits here. OUR RECRUITMENT PROCESS If you enjoy bringing your whole self to work, share our values, and are excited about our purpose, we'd love to hear from you! We are committed to providing an accessible and inclusive process; learn more about our selection process here. Please note that we endeavour to get back to all applicants within 28 days. If you haven't heard from us within this period, please assume that you have been unsuccessful on this occasion.
Governance, Risk and Compliance Manager (GRC Manager) About the Role: The GRC Manager is a senior role within the Information Security team, responsible for maintaining and improving governance and risk frameworks for IT Services. You will define risk and governance processes, including how process owners are identified and the activities to ensure that the process is governed effectively, to ensure that IT systems and information assets are adequately protected. You will be responsible for identifying, evaluating and reporting on governance and compliance risks and issues in a manner that meets the clients regulatory and legal requirements. The GRC Manager works proactively with the various departments, business units and suppliers to implement practices that meet the clients defined policies and standards for information risk management, governance and compliance. About You: You will have a significant level of specialist expertise in IT Governance, Risk and Compliance, with proven responsibility for, and experience of, executing a robust risk and governance process and frameworks in a complex environment. You will be successful at delivering high quality, robust, resilient, responsive and secure enterprise-wide IT and Information Security governance, pursuing customer-focused approaches to achieve good governance within a risk-based approach. You should ideally have a degree and/or professional qualification in an IT subject or in-depth experience in relevant technical area. It is essential that you either hold a risk management qualification (e.g. CRISC) or can otherwise demonstrate significant management and operational experience using appropriate best practice information risk frameworks such as ISO 27001. It is desirable that you have project management qualifications e.g. Prince 2, MSP, PMP qualified or demonstrable experience of managing projects. The client is a world-renowned institution known for its research excellence and innovative work. Located in a vibrant area of London, it offers a diverse and inclusive environment, fostering collaboration across disciplines. With state-of-the-art facilities and a commitment to excellence, it supports staff in achieving their full potential. Title: Governance, Risk and Compliance Manager. Location: Hybrid with 2 days a week in the London office. Duration: Full time permanent. Start Date: c April/May depending on availability/notice period. Salary: c 53,000 - 60,000 pa , plus generous pension scheme, 30 days' leave per annum and access to a comprehensive range of personal and professional development opportunities. In addition, they offer a range of work life balance and family friendly, inclusive employment policies, facilities and flexible working arrangements. Valuing Diversity & Committed to Equality. The client has a commitment to diversity and inclusivity which is embedded in their appointments processes. Reasonable adjustments will be made at each stage of the recruitment process for any candidate with a disability. We are open to considering applications from candidates wishing to work flexibly. The closing date for applications is 13th February 2025. Interviews for people invited to interview these are expected to be week commencing 3rd March 2025. Next steps if you wish to apply please send your CV to Simon via (url removed) Services Advertised are those of an Employment agency.
Jan 29, 2025
Full time
Governance, Risk and Compliance Manager (GRC Manager) About the Role: The GRC Manager is a senior role within the Information Security team, responsible for maintaining and improving governance and risk frameworks for IT Services. You will define risk and governance processes, including how process owners are identified and the activities to ensure that the process is governed effectively, to ensure that IT systems and information assets are adequately protected. You will be responsible for identifying, evaluating and reporting on governance and compliance risks and issues in a manner that meets the clients regulatory and legal requirements. The GRC Manager works proactively with the various departments, business units and suppliers to implement practices that meet the clients defined policies and standards for information risk management, governance and compliance. About You: You will have a significant level of specialist expertise in IT Governance, Risk and Compliance, with proven responsibility for, and experience of, executing a robust risk and governance process and frameworks in a complex environment. You will be successful at delivering high quality, robust, resilient, responsive and secure enterprise-wide IT and Information Security governance, pursuing customer-focused approaches to achieve good governance within a risk-based approach. You should ideally have a degree and/or professional qualification in an IT subject or in-depth experience in relevant technical area. It is essential that you either hold a risk management qualification (e.g. CRISC) or can otherwise demonstrate significant management and operational experience using appropriate best practice information risk frameworks such as ISO 27001. It is desirable that you have project management qualifications e.g. Prince 2, MSP, PMP qualified or demonstrable experience of managing projects. The client is a world-renowned institution known for its research excellence and innovative work. Located in a vibrant area of London, it offers a diverse and inclusive environment, fostering collaboration across disciplines. With state-of-the-art facilities and a commitment to excellence, it supports staff in achieving their full potential. Title: Governance, Risk and Compliance Manager. Location: Hybrid with 2 days a week in the London office. Duration: Full time permanent. Start Date: c April/May depending on availability/notice period. Salary: c 53,000 - 60,000 pa , plus generous pension scheme, 30 days' leave per annum and access to a comprehensive range of personal and professional development opportunities. In addition, they offer a range of work life balance and family friendly, inclusive employment policies, facilities and flexible working arrangements. Valuing Diversity & Committed to Equality. The client has a commitment to diversity and inclusivity which is embedded in their appointments processes. Reasonable adjustments will be made at each stage of the recruitment process for any candidate with a disability. We are open to considering applications from candidates wishing to work flexibly. The closing date for applications is 13th February 2025. Interviews for people invited to interview these are expected to be week commencing 3rd March 2025. Next steps if you wish to apply please send your CV to Simon via (url removed) Services Advertised are those of an Employment agency.
Information Security Manager - CGRC 70k + Bonus + Package, Based Bristol (Hybrid working) This is an exceptional opportunity to work for our client, a global defence tech organisation. In this exciting role the successful candidate will be responsible for providing Information Security support and advice to meet the needs of the UK business in line with all relevant policies, procedures, requirements, and standards. Ensure the information security compliance of the corporate IT infrastructure against company and MoD policy requirements. The Role: Ensure that Business Unit is demonstrate corporate consistency and compliance with company and MoD information security policies and other regulatory requirements GDPR and DPA. Oversee company Supply Chain on-boarding approvals. Develop and implement a program leading to ISO27001 Certification. Conduct internal assessments and support Business Unit's in developing and maintaining effective security processes and procedures. Ensure a robust internal governance framework exists for compliance with company and MoD policies SAL, F1686, DCPP. Develop and manage a program of risk assessment activity and provide support and guidance on implementation of risk management controls. Develop and manage an information security training awareness programme for all employees and implement a strong cultural awareness campaign. Support essential activity to the business continuity management program for all information assurance activities including BCP Plan testing and reporting. Work closely with IT and wider stakeholders to maintain the corporate security posture around enterprise systems. Manage and oversee information security accreditation requirements. This includes the maintenance of ISO and Cyber Essentials certification and supporting external compliance audits. Identify and implement continuous improvement in company information security processes, reflecting current best practices. Ensure that policies and processes benefit the business without unnecessary bureaucracy. Support the CISO in delivering the Information Security strategy. The Person: Knowledge and understanding of UK MOD and Government information security policies, processes, standards, and guidance. Previous experience in a similar role working as an information security manager with knowledge and experience of UK MOD and Government information security policies, processes, standards, and guidance. Experience in risk management including the creation of information security risk assessments, risk acceptance criteria and risk treatment plans. Experience of security audit and compliance in accordance with ISO 27001 or other recognisable frameworks. Experienced in teamwork and collaboration. The ability to proactively build and manage effective communication within a group or team. In line with company Baseline Security requirements, candidates will be asked to provide evidence of identity & eligibility to work in the UK.
Jan 29, 2025
Full time
Information Security Manager - CGRC 70k + Bonus + Package, Based Bristol (Hybrid working) This is an exceptional opportunity to work for our client, a global defence tech organisation. In this exciting role the successful candidate will be responsible for providing Information Security support and advice to meet the needs of the UK business in line with all relevant policies, procedures, requirements, and standards. Ensure the information security compliance of the corporate IT infrastructure against company and MoD policy requirements. The Role: Ensure that Business Unit is demonstrate corporate consistency and compliance with company and MoD information security policies and other regulatory requirements GDPR and DPA. Oversee company Supply Chain on-boarding approvals. Develop and implement a program leading to ISO27001 Certification. Conduct internal assessments and support Business Unit's in developing and maintaining effective security processes and procedures. Ensure a robust internal governance framework exists for compliance with company and MoD policies SAL, F1686, DCPP. Develop and manage a program of risk assessment activity and provide support and guidance on implementation of risk management controls. Develop and manage an information security training awareness programme for all employees and implement a strong cultural awareness campaign. Support essential activity to the business continuity management program for all information assurance activities including BCP Plan testing and reporting. Work closely with IT and wider stakeholders to maintain the corporate security posture around enterprise systems. Manage and oversee information security accreditation requirements. This includes the maintenance of ISO and Cyber Essentials certification and supporting external compliance audits. Identify and implement continuous improvement in company information security processes, reflecting current best practices. Ensure that policies and processes benefit the business without unnecessary bureaucracy. Support the CISO in delivering the Information Security strategy. The Person: Knowledge and understanding of UK MOD and Government information security policies, processes, standards, and guidance. Previous experience in a similar role working as an information security manager with knowledge and experience of UK MOD and Government information security policies, processes, standards, and guidance. Experience in risk management including the creation of information security risk assessments, risk acceptance criteria and risk treatment plans. Experience of security audit and compliance in accordance with ISO 27001 or other recognisable frameworks. Experienced in teamwork and collaboration. The ability to proactively build and manage effective communication within a group or team. In line with company Baseline Security requirements, candidates will be asked to provide evidence of identity & eligibility to work in the UK.
Senior Data Resilience Tooling Manager Lloyds Banking Group London - hybrid working two days per week in the office & rest from home Salary & Benefits: £100,657 - £118,420 per annum (experience dependent), plus annual personal bonus, 15% employer pension contribution, flexible benefits package, private medical insurance, 30 days holiday plus bank holidays. Flexibility Works: We're extremely flexible employers, offering a range of options to suit your lifestyle including flexible hours, flex-summer holidays, flex-bank holidays, great parental support and a real focus on finding work-life balance! About us We're the Chief Data & Analytics Office (CDAO) within Lloyds Banking Group! The mission of Group Chief Data and Analytics Office is to promote, embed and commercialise Data and Analytics practice and culture across Lloyds Banking Group. The Data Resilience team is a new chapter within the Chief Data and Analytics Office. It has the responsibility to define and embed new Strategies, Operating Models and Control Frameworks to protect the Banks critical data services that our customers, colleagues and the market rely upon. Background The aim of the team is to protect our customers, colleagues & markets by ensuring we comply with the spirit of the regulatory requirements for operational resilience established by the Bank of England, FCA and PRA. The Data Resilience team have 3 main objectives: Setting up a Data Pillar: identify & define critical data assets supporting critical business processes. Finding innovative and pioneering solutions to deliver Data Pillar in ServiceNow - perhaps first in the industry. Assess level of resilience around those assets. Key part of the assignment is to define/design/test and implement tooling requirements around this. Currently we use ServiceNow and InsPi Designer but are also looking into AI automation in 2025 to reduce manual overhead. The Data Resilience team are managing the E2E delivery of Data Resilience & Data Pillar Set-up, from requirements gathering, definition, user stories, ServiceNow platform, agree solutions, do the build, testing, implementation etc About the Role As part of the Programme, we are improving and developing the Bank's Operational resilience capability around our Important Business Services in line with published FCA and PRA regulation. In the Data workstream we are developing our ServiceNow and Tooling capability to stand-up a new Data Pillar alongside our existing Technology, People, Property and Supply Chain Pillars. This will enable the Bank to understand, map its critical data assets and assess data resilience across our businesses. You'll focus on what is required to make data resilient, how the data flows, where it is stored, and how do we make the processes surrounding it resilient. This role is looking at business services, applications, assets. You'll need to understand asset classes and have a technical mindset. The role looks at how the data flow and how resilient it is, which includes understanding the elements around it, like messaging queues, batches, databases, external connections and the controls dimensions for integrity, availability and protection. This is not a Data Governance or data quality management role. Key Responsibilities: You'll lead on the implementation of ServiceNow Data Resilience, from inception of requirements to testing of solutions. You'll lead a small team to ensure the business is set up for success in using the tool and that requirements are understood and implemented in an agile way. You'll lead on the end-to-end testing cycles, refining delivered solutions and ensuring alignment with Data Resilience strategy. You'll look at how data flows from source to destination across the technology landscape and what can be done to ensure there is no data loss, data corruption, ransomware/malware attacks and the data can be recovered within the impact tolerance of Important Business Services. You'll understand upcoming regulatory requirements that will impact Data Resilience and the tooling solution (DORA, CTP, Outsourcing and Operational Resilience Regulations etc.). You'll support the establishment of controls and assessment frameworks that identify data vulnerabilities across a complex data and technical landscape (e.g., on premise, 3rd party, middleware, databases, 3rd party applications, messaging queues, data feeds, data connections, APIs, batches, and cloud environments). You'll support the embedding of data assessments engaging a large and diverse stakeholder group including target operating model design, data resilience MI design, data resilience RCSA design, changes to operational resilience, data security, technology, and data policies to embed the standards governing data resilience. You'll analyse outcomes of data resilience annual assessments and identify vulnerabilities from a data perspective across availability, integrity, and security of data. You'll support the creation of data lineage using Ins-Pi and ServiceNow outlining the applications required for each step of the journey, upstream and downstream applications, how data moves in transit or is held at rest across the technology landscape. You'll present findings at senior Governance forums and help drive/shape the execution plan to remediate vulnerabilities next year. What we're looking for We'd welcome applicants from diverse cultural and technological backgrounds, however financial services exposure will be important for this position. We will need to see evidence of the following in your CV: Expert level of understanding of ServiceNow GRC, with experience of implementing bespoke modules. Experience of managing SME's including Solution Architects, Business Analysts & QA Testers. Experience in identifying data resiliency issues on middleware components e.g. batches, messaging queues, third party data connections, encryption, data recovery & backup, data vaulting, data integrity, and cloud technologies. Financial Services experience and exposure to understanding some but not all; payments, cards, pensions, insurance, markets, trade & settlement, logon customer journeys. Technical knowledge of FCA, PRA, EBA guidelines on operational resilience. Strong experience in managing risks and controls. Ability to present to C-Suite level executives and explain complex detail in a consumable format. Desirable (but please apply if you don't have them!) Exposure to Ins-pi Designer for drawing data lineage. Strong experience in batches, messaging queues, third party data connections, encryption, data recovery & backup, data vaulting, data integrity and cloud technologies is essential. Strong experience in Disaster Recovery, back-up and restore, cyber threats and monitoring, data encryption domains. About working for us We want our people to feel that they belong and can be their best, regardless of background, identity or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. We're disability confident. So, if you'd like reasonable adjustments to be made to our recruitment processes, just let us know. Ready for a career where you can have a positive impact as you learn, grow and thrive? Apply today and find out more!
Jan 25, 2025
Full time
Senior Data Resilience Tooling Manager Lloyds Banking Group London - hybrid working two days per week in the office & rest from home Salary & Benefits: £100,657 - £118,420 per annum (experience dependent), plus annual personal bonus, 15% employer pension contribution, flexible benefits package, private medical insurance, 30 days holiday plus bank holidays. Flexibility Works: We're extremely flexible employers, offering a range of options to suit your lifestyle including flexible hours, flex-summer holidays, flex-bank holidays, great parental support and a real focus on finding work-life balance! About us We're the Chief Data & Analytics Office (CDAO) within Lloyds Banking Group! The mission of Group Chief Data and Analytics Office is to promote, embed and commercialise Data and Analytics practice and culture across Lloyds Banking Group. The Data Resilience team is a new chapter within the Chief Data and Analytics Office. It has the responsibility to define and embed new Strategies, Operating Models and Control Frameworks to protect the Banks critical data services that our customers, colleagues and the market rely upon. Background The aim of the team is to protect our customers, colleagues & markets by ensuring we comply with the spirit of the regulatory requirements for operational resilience established by the Bank of England, FCA and PRA. The Data Resilience team have 3 main objectives: Setting up a Data Pillar: identify & define critical data assets supporting critical business processes. Finding innovative and pioneering solutions to deliver Data Pillar in ServiceNow - perhaps first in the industry. Assess level of resilience around those assets. Key part of the assignment is to define/design/test and implement tooling requirements around this. Currently we use ServiceNow and InsPi Designer but are also looking into AI automation in 2025 to reduce manual overhead. The Data Resilience team are managing the E2E delivery of Data Resilience & Data Pillar Set-up, from requirements gathering, definition, user stories, ServiceNow platform, agree solutions, do the build, testing, implementation etc About the Role As part of the Programme, we are improving and developing the Bank's Operational resilience capability around our Important Business Services in line with published FCA and PRA regulation. In the Data workstream we are developing our ServiceNow and Tooling capability to stand-up a new Data Pillar alongside our existing Technology, People, Property and Supply Chain Pillars. This will enable the Bank to understand, map its critical data assets and assess data resilience across our businesses. You'll focus on what is required to make data resilient, how the data flows, where it is stored, and how do we make the processes surrounding it resilient. This role is looking at business services, applications, assets. You'll need to understand asset classes and have a technical mindset. The role looks at how the data flow and how resilient it is, which includes understanding the elements around it, like messaging queues, batches, databases, external connections and the controls dimensions for integrity, availability and protection. This is not a Data Governance or data quality management role. Key Responsibilities: You'll lead on the implementation of ServiceNow Data Resilience, from inception of requirements to testing of solutions. You'll lead a small team to ensure the business is set up for success in using the tool and that requirements are understood and implemented in an agile way. You'll lead on the end-to-end testing cycles, refining delivered solutions and ensuring alignment with Data Resilience strategy. You'll look at how data flows from source to destination across the technology landscape and what can be done to ensure there is no data loss, data corruption, ransomware/malware attacks and the data can be recovered within the impact tolerance of Important Business Services. You'll understand upcoming regulatory requirements that will impact Data Resilience and the tooling solution (DORA, CTP, Outsourcing and Operational Resilience Regulations etc.). You'll support the establishment of controls and assessment frameworks that identify data vulnerabilities across a complex data and technical landscape (e.g., on premise, 3rd party, middleware, databases, 3rd party applications, messaging queues, data feeds, data connections, APIs, batches, and cloud environments). You'll support the embedding of data assessments engaging a large and diverse stakeholder group including target operating model design, data resilience MI design, data resilience RCSA design, changes to operational resilience, data security, technology, and data policies to embed the standards governing data resilience. You'll analyse outcomes of data resilience annual assessments and identify vulnerabilities from a data perspective across availability, integrity, and security of data. You'll support the creation of data lineage using Ins-Pi and ServiceNow outlining the applications required for each step of the journey, upstream and downstream applications, how data moves in transit or is held at rest across the technology landscape. You'll present findings at senior Governance forums and help drive/shape the execution plan to remediate vulnerabilities next year. What we're looking for We'd welcome applicants from diverse cultural and technological backgrounds, however financial services exposure will be important for this position. We will need to see evidence of the following in your CV: Expert level of understanding of ServiceNow GRC, with experience of implementing bespoke modules. Experience of managing SME's including Solution Architects, Business Analysts & QA Testers. Experience in identifying data resiliency issues on middleware components e.g. batches, messaging queues, third party data connections, encryption, data recovery & backup, data vaulting, data integrity, and cloud technologies. Financial Services experience and exposure to understanding some but not all; payments, cards, pensions, insurance, markets, trade & settlement, logon customer journeys. Technical knowledge of FCA, PRA, EBA guidelines on operational resilience. Strong experience in managing risks and controls. Ability to present to C-Suite level executives and explain complex detail in a consumable format. Desirable (but please apply if you don't have them!) Exposure to Ins-pi Designer for drawing data lineage. Strong experience in batches, messaging queues, third party data connections, encryption, data recovery & backup, data vaulting, data integrity and cloud technologies is essential. Strong experience in Disaster Recovery, back-up and restore, cyber threats and monitoring, data encryption domains. About working for us We want our people to feel that they belong and can be their best, regardless of background, identity or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. We're disability confident. So, if you'd like reasonable adjustments to be made to our recruitment processes, just let us know. Ready for a career where you can have a positive impact as you learn, grow and thrive? Apply today and find out more!
VICE PRESIDENT GOVERNANCE RISK & COMPLIANCE - AEROSPACE AND DEFENSE: Bullisher is a data-centric fintech solution provider in the aerospace and defense industry for institutional level investors, looking to disrupt and revolutionize a $3 trillion dollar industry. We spearhead an industry-leading Blackbox to facilitate and administer trade agreements, delivering solutions through innovation with uncompromising agility. JOB DESCRIPTION: The oversight requires you to create an immersive simulation that leverages advanced problem-solving methods and complex cognitive tasks to deliver real-global operations scenarios for performing GRC tasks in virtual reality. Collaborating with leading-edge cognitive thinking systems, networks, and Systems of System Engineering, cybersecurity, space applications, and electromagnetic spectrum operations applications. You will develop and deliver security programs in fast-paced innovational waves. Areas to focus: Configure and manage networks, servers, Optical ground station terminal, data center, and critical infrastructure. Manage day-to-day IT & Engineering needs (system administration, help desk support). Monitor security tools and respond to alerts and incidents. COMPLIANCE ACTIVITIES: Change Management Incident Management Maintenance Vulnerability scanning Implement NIST SP 800-171 for internal systems. Establish a System Security Plan (SSP) . The SSP needs to go through each NIST SP 800-171 control and include how the control is implemented, monitored, and enforced. GOVERNANCE: Create programs and pathways for transition into cybersecurity, regulations, compliance, and GRC, translating business into technical and security risk. RISK MANAGEMENT: The goal is to understand the lifecycle of risk, apply complex critical skills, asset inventory, risk assessment, identifying threats, and access management audits. ENVIRONMENT: This position will operate in the regulatory engineering division MULTIDOMAIN DEFENCE DOCK . QUALIFICATION, KEY REQUIREMENTS AND SKILLS SET: 20 years experience in emergent technology. Experience in architecting, building, and securing systems at scale. In-depth knowledge of cybersecurity compliance standards such as ISO, SOC, NIST, CMMC, EDRS, and ITAR. Certifications in (ISACA, CISM, CRISC, CISA, ITCA) . Certified Information Security Manager (CISM) is essential. Certified Authorization Professional (CAP) . Information Systems Security Architecture Professional (ISSAP) . GIAC Security Leadership Certificate (GSLC) . Information Systems Security Engineering Professional (ISSEP) . Information assurance system architecture and engineer (IASAE) . It's a prerequisite to be certified in one of the listed DoD 8570 Certifications. INTERVIEW PROCESS: STAGE 1: COGNITIVE ASSESSMENT SCREENING: WITH A 30+ YEAR EXPERIENCE PSYCHOLOGIST: STAGE 2: PRE-SCREENING (verification checks & DV security clearance) STAGE 3: INTERVIEW WITH THE: CEO, CTO & GC
Jan 21, 2025
Full time
VICE PRESIDENT GOVERNANCE RISK & COMPLIANCE - AEROSPACE AND DEFENSE: Bullisher is a data-centric fintech solution provider in the aerospace and defense industry for institutional level investors, looking to disrupt and revolutionize a $3 trillion dollar industry. We spearhead an industry-leading Blackbox to facilitate and administer trade agreements, delivering solutions through innovation with uncompromising agility. JOB DESCRIPTION: The oversight requires you to create an immersive simulation that leverages advanced problem-solving methods and complex cognitive tasks to deliver real-global operations scenarios for performing GRC tasks in virtual reality. Collaborating with leading-edge cognitive thinking systems, networks, and Systems of System Engineering, cybersecurity, space applications, and electromagnetic spectrum operations applications. You will develop and deliver security programs in fast-paced innovational waves. Areas to focus: Configure and manage networks, servers, Optical ground station terminal, data center, and critical infrastructure. Manage day-to-day IT & Engineering needs (system administration, help desk support). Monitor security tools and respond to alerts and incidents. COMPLIANCE ACTIVITIES: Change Management Incident Management Maintenance Vulnerability scanning Implement NIST SP 800-171 for internal systems. Establish a System Security Plan (SSP) . The SSP needs to go through each NIST SP 800-171 control and include how the control is implemented, monitored, and enforced. GOVERNANCE: Create programs and pathways for transition into cybersecurity, regulations, compliance, and GRC, translating business into technical and security risk. RISK MANAGEMENT: The goal is to understand the lifecycle of risk, apply complex critical skills, asset inventory, risk assessment, identifying threats, and access management audits. ENVIRONMENT: This position will operate in the regulatory engineering division MULTIDOMAIN DEFENCE DOCK . QUALIFICATION, KEY REQUIREMENTS AND SKILLS SET: 20 years experience in emergent technology. Experience in architecting, building, and securing systems at scale. In-depth knowledge of cybersecurity compliance standards such as ISO, SOC, NIST, CMMC, EDRS, and ITAR. Certifications in (ISACA, CISM, CRISC, CISA, ITCA) . Certified Information Security Manager (CISM) is essential. Certified Authorization Professional (CAP) . Information Systems Security Architecture Professional (ISSAP) . GIAC Security Leadership Certificate (GSLC) . Information Systems Security Engineering Professional (ISSEP) . Information assurance system architecture and engineer (IASAE) . It's a prerequisite to be certified in one of the listed DoD 8570 Certifications. INTERVIEW PROCESS: STAGE 1: COGNITIVE ASSESSMENT SCREENING: WITH A 30+ YEAR EXPERIENCE PSYCHOLOGIST: STAGE 2: PRE-SCREENING (verification checks & DV security clearance) STAGE 3: INTERVIEW WITH THE: CEO, CTO & GC
Business Information Security Manager Apply locations London, United Kingdom time type Full time posted on Posted 2 Days Ago job requisition id R The purpose of this role is to assist the Director of Business Information Security (BISO) in all security matters relating to the oversight of Information Security, Cyber Security and Data Privacy within the Regulatory Reporting business line of LSEG's Post Trade division. The successful candidate will be charged with ensuring that the critical business systems and data assets of Regulatory Reporting are adequately protected, and that all related information security and cyber controls remain effective and within risk appetite and/or have appropriate risk treatment plans in place to bring them back into risk appetite. The role will best suit an experienced Information Security Manager with extensive experience gained from having previously operated within Senior Management level InfoSec/Cyber roles within the FS or FMI industries. The successful candidate must be a subject matter expert in Information Security, as the role demands a very strong knowledge in all areas of information security and cyber security, as well as in-depth knowledge of legacy, existing, and emerging technologies including cloud and security technologies/controls. In addition to a solid foundational Security Governance Risk and Compliance (Security-GRC) skillset, a prior background in information security engineering, security architecture, and security operations will be advantageous in this role given the various levels of stakeholders as well as the tech/cyber projects that the successful candidate will engage with daily. Key responsibilities include: Assisting in the oversight of Information Security by: Reviewing and assessing the information security and cyber controls that enable Regulatory Reporting to conduct its business in a secure manner, and gap analysis of the same. The oversight of InfoSec/Cyber related control gap/risk remediation activities Monitoring and analysing the information security roadmaps, strategies, programmes, and projects within Regulatory Reporting, and identifying and reporting risks, trends and future opportunities for improvement and enhancement. Proactively engaging and working closely with the technology and cyber teams that are delivering technology and cyber services to the firm. Attending risk and governance meetings to provide updates to the Regulatory Reporting stakeholders from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG. Working with colleagues from the three lines of defence to define the current risk posture of Regulatory Reporting and collaborating with those stakeholders to remediate identified risks/issues. Engaging with external third parties who provide services to Regulatory Reporting and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met. Establish and maintain a Cyber Risk Profile of Regulatory Reporting in line with other areas of LSEG. Assisting with the establishment and maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls, etc. Maintaining the established key performance and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the current control's estate. Maintaining an accurate set of executive level presentation materials that clearly and accurately present the current state of security control within Regulatory Reporting. Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by Regulatory Reporting and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success deliverables. Engagement with the business to: Develop an understanding of business goals and operational risks Identifying key areas for improvement Support the risk management decision processes and risk forums/committees Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and oversee risk mitigation plans, Build strong relationships within the business to gain an understanding of security-related business risks. Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations. Embedding Cyber across the firm by: Working closely with all necessary stakeholders in the business and technology areas to ensure compliance with established LSEG policies, standards, and procedures, etc. Constructively and pragmatically challenging established controls to ensure, recommend, and accommodate continuous improvement. Ensuring Regulatory Reporting stakeholders understand their responsibilities in relation to security risk mitigation and remediation. Monitoring industry information security trends and keeping business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions. Security Governance, Technical, and Risk Review: The review and documenting of technologies and security controls across the firm, including areas such as; office spaces, data centres and cloud. Executing and concluding security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc Working closely with stakeholders to review all projects and initiatives, assessing them for appropriate/correct levels of security design and controls. Identification of technology and security risks across the firm and the assessment and appropriate risk scoring and presentation of the same. Produce appropriate risk remediation action plans and ability to present and take ownership of risk treatment proposals and action plans. Review and appropriate response to regulatory and legislative matters Produce and present risks and risk postures / cyber maturity to senior/executive bodies. Able to clearly and precisely present complex cyber risk matters to clients and regulators. Partnering with the different business control functions: Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties. Maintaining a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions. Knowledge of technology, security, and threat landscapes: Staying abreast of emerging technologies, including all security technologies, Sustaining a deep and in-depth knowledge of the cyber threat landscape, Maintain and constantly enriching knowledge of information security and cyber risks as they develop, Being able to propose and explain appropriate cyber risk counter measures clearly and concisely. Remaining informed and knowledgeable on primary global data protection regulations and legislation. Experience and core skill requirements: 10 years minimum experience in senior InfoSec management roles Extensive previous exposure to FS or FMI industry organisations High performance in problem solving, innovating and critical thinking Excellent written/verbal communication and stakeholder management skills Ability to articulate ideas to both technical and non-technical audiences Must be capable of working pragmatically and efficiently in both a team and alone Able to prioritise workloads efficiently and appropriately with minimal supervision Able to work in fast paced, high-volume workload environment, prioritising accordingly Must Have Security Certifications: CISSP Desirable & Advantageous Certifications: CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH Working knowledge of Security Standards / Frameworks: ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2 LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions. Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race . click apply for full job details
Jan 21, 2025
Full time
Business Information Security Manager Apply locations London, United Kingdom time type Full time posted on Posted 2 Days Ago job requisition id R The purpose of this role is to assist the Director of Business Information Security (BISO) in all security matters relating to the oversight of Information Security, Cyber Security and Data Privacy within the Regulatory Reporting business line of LSEG's Post Trade division. The successful candidate will be charged with ensuring that the critical business systems and data assets of Regulatory Reporting are adequately protected, and that all related information security and cyber controls remain effective and within risk appetite and/or have appropriate risk treatment plans in place to bring them back into risk appetite. The role will best suit an experienced Information Security Manager with extensive experience gained from having previously operated within Senior Management level InfoSec/Cyber roles within the FS or FMI industries. The successful candidate must be a subject matter expert in Information Security, as the role demands a very strong knowledge in all areas of information security and cyber security, as well as in-depth knowledge of legacy, existing, and emerging technologies including cloud and security technologies/controls. In addition to a solid foundational Security Governance Risk and Compliance (Security-GRC) skillset, a prior background in information security engineering, security architecture, and security operations will be advantageous in this role given the various levels of stakeholders as well as the tech/cyber projects that the successful candidate will engage with daily. Key responsibilities include: Assisting in the oversight of Information Security by: Reviewing and assessing the information security and cyber controls that enable Regulatory Reporting to conduct its business in a secure manner, and gap analysis of the same. The oversight of InfoSec/Cyber related control gap/risk remediation activities Monitoring and analysing the information security roadmaps, strategies, programmes, and projects within Regulatory Reporting, and identifying and reporting risks, trends and future opportunities for improvement and enhancement. Proactively engaging and working closely with the technology and cyber teams that are delivering technology and cyber services to the firm. Attending risk and governance meetings to provide updates to the Regulatory Reporting stakeholders from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG. Working with colleagues from the three lines of defence to define the current risk posture of Regulatory Reporting and collaborating with those stakeholders to remediate identified risks/issues. Engaging with external third parties who provide services to Regulatory Reporting and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met. Establish and maintain a Cyber Risk Profile of Regulatory Reporting in line with other areas of LSEG. Assisting with the establishment and maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls, etc. Maintaining the established key performance and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the current control's estate. Maintaining an accurate set of executive level presentation materials that clearly and accurately present the current state of security control within Regulatory Reporting. Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by Regulatory Reporting and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success deliverables. Engagement with the business to: Develop an understanding of business goals and operational risks Identifying key areas for improvement Support the risk management decision processes and risk forums/committees Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and oversee risk mitigation plans, Build strong relationships within the business to gain an understanding of security-related business risks. Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations. Embedding Cyber across the firm by: Working closely with all necessary stakeholders in the business and technology areas to ensure compliance with established LSEG policies, standards, and procedures, etc. Constructively and pragmatically challenging established controls to ensure, recommend, and accommodate continuous improvement. Ensuring Regulatory Reporting stakeholders understand their responsibilities in relation to security risk mitigation and remediation. Monitoring industry information security trends and keeping business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions. Security Governance, Technical, and Risk Review: The review and documenting of technologies and security controls across the firm, including areas such as; office spaces, data centres and cloud. Executing and concluding security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc Working closely with stakeholders to review all projects and initiatives, assessing them for appropriate/correct levels of security design and controls. Identification of technology and security risks across the firm and the assessment and appropriate risk scoring and presentation of the same. Produce appropriate risk remediation action plans and ability to present and take ownership of risk treatment proposals and action plans. Review and appropriate response to regulatory and legislative matters Produce and present risks and risk postures / cyber maturity to senior/executive bodies. Able to clearly and precisely present complex cyber risk matters to clients and regulators. Partnering with the different business control functions: Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties. Maintaining a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions. Knowledge of technology, security, and threat landscapes: Staying abreast of emerging technologies, including all security technologies, Sustaining a deep and in-depth knowledge of the cyber threat landscape, Maintain and constantly enriching knowledge of information security and cyber risks as they develop, Being able to propose and explain appropriate cyber risk counter measures clearly and concisely. Remaining informed and knowledgeable on primary global data protection regulations and legislation. Experience and core skill requirements: 10 years minimum experience in senior InfoSec management roles Extensive previous exposure to FS or FMI industry organisations High performance in problem solving, innovating and critical thinking Excellent written/verbal communication and stakeholder management skills Ability to articulate ideas to both technical and non-technical audiences Must be capable of working pragmatically and efficiently in both a team and alone Able to prioritise workloads efficiently and appropriately with minimal supervision Able to work in fast paced, high-volume workload environment, prioritising accordingly Must Have Security Certifications: CISSP Desirable & Advantageous Certifications: CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH Working knowledge of Security Standards / Frameworks: ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2 LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions. Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race . click apply for full job details
In this role, you will: Lead the Information Security Management System (ISMS) and ensure compliance with GDPR, ISO 27001, SOC 2, AI Act/ISO 42001, and DORA. Conduct audits and maintain security policies. Enhance the sales process by completing GRC-related questions in RFPs and participating in customer calls to address security inquiries. Maintain and update security white papers and related documentation. Work cross-functionally across engineering, legal, and commercial teams to enhance security measures. Your background looks something like: 2-5 years of professional experience in legal or operations. Experience in a smaller SaaS company. Preferred Education: MSc in Law, Engineering or related field. Familiarity with one or more of the following: GDPR, ISO 27001, SOC 2, AI Act/ISO 42001, and DORA. What We Offer Career development opportunities in a rapidly evolving entrepreneurial environment. Direct collaboration with senior leadership and the opportunity to directly impact company growth and strategy. A collaborative, high-energy team environment where your ideas and contributions are valued and implemented. Competitive salary complemented with a transparent and highly competitive options program. Centrally located offices in NYC, London, and Stockholm, designed as a space for you to do your life's work. About Sana Labs Sana exists to advance how humans access knowledge with artificial intelligence. Our AI products are trusted by the world's most pioneering companies-from Polestar and Merck to Hinge Health and Svea Solar-and have served 1 million people worldwide. Sana has raised over $130m to date from world-leading investors including NEA, Menlo Ventures, and EQT Ventures. We have been featured as a LinkedIn Top Startup, named a winner in the AI and Data category for Fast Company's 2024 Next Big Things in Tech, and recognized on the Forbes AI 50 list as one of the top AI companies developing the most promising business use cases of artificial intelligence. We believe advancing knowledge is the world's most important problem to solve. From writing and the printing press to the internet and Google, the tools that have accelerated access to knowledge have defined human progress. Yet our workplace software hasn't kept up. We're building towards a world where knowledge is not only more accessible, but empowers you to accomplish more than you ever thought possible. If that's a future that excites you, you're in the right place. Come and do your life's work with us.
Jan 12, 2025
Full time
In this role, you will: Lead the Information Security Management System (ISMS) and ensure compliance with GDPR, ISO 27001, SOC 2, AI Act/ISO 42001, and DORA. Conduct audits and maintain security policies. Enhance the sales process by completing GRC-related questions in RFPs and participating in customer calls to address security inquiries. Maintain and update security white papers and related documentation. Work cross-functionally across engineering, legal, and commercial teams to enhance security measures. Your background looks something like: 2-5 years of professional experience in legal or operations. Experience in a smaller SaaS company. Preferred Education: MSc in Law, Engineering or related field. Familiarity with one or more of the following: GDPR, ISO 27001, SOC 2, AI Act/ISO 42001, and DORA. What We Offer Career development opportunities in a rapidly evolving entrepreneurial environment. Direct collaboration with senior leadership and the opportunity to directly impact company growth and strategy. A collaborative, high-energy team environment where your ideas and contributions are valued and implemented. Competitive salary complemented with a transparent and highly competitive options program. Centrally located offices in NYC, London, and Stockholm, designed as a space for you to do your life's work. About Sana Labs Sana exists to advance how humans access knowledge with artificial intelligence. Our AI products are trusted by the world's most pioneering companies-from Polestar and Merck to Hinge Health and Svea Solar-and have served 1 million people worldwide. Sana has raised over $130m to date from world-leading investors including NEA, Menlo Ventures, and EQT Ventures. We have been featured as a LinkedIn Top Startup, named a winner in the AI and Data category for Fast Company's 2024 Next Big Things in Tech, and recognized on the Forbes AI 50 list as one of the top AI companies developing the most promising business use cases of artificial intelligence. We believe advancing knowledge is the world's most important problem to solve. From writing and the printing press to the internet and Google, the tools that have accelerated access to knowledge have defined human progress. Yet our workplace software hasn't kept up. We're building towards a world where knowledge is not only more accessible, but empowers you to accomplish more than you ever thought possible. If that's a future that excites you, you're in the right place. Come and do your life's work with us.
Career Opportunities: Information Security GRC Manager (FTC) (10652) Requisition ID 10652 - Posted - Technology - London JOB TITLE: INFORMATION SECURITY GRC MANAGER DEPARTMENT: TECHNOLOGY LOCATION: MARBLE ARCH, LONDON REPORTING TO: HEAD OF INFORMATION SECURITY TYPE OF CONTRACT: 12 MONTH FTC PLACES, PEOPLE, PREFER Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long-term, sustainable basis. We are a FTSE 100 business with a strong balance sheet and £13bn of assets under management. But with just 600 employees, you're given the ability to make a big impact and elevate your career quickly. Our diverse, passionate team of experts works on some of the most ambitious, innovative and sustainable projects in the country - from our high-quality campuses across central London to some of the top retail schemes in the UK - providing a rewarding career journey where you can shape how you grow. We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you've come to the right place! In our recent engagement survey, 93% of our employees stated they were proud to work for British Land! THE ROLE Reporting to the Head of Information Security, the primary responsibility of this role is to oversee the development, implementation, and management of British Land's information security governance, risk, and compliance programs. This role ensures that the organisation's information security practices align with regulatory requirements, industry standards, and best practices. The GRC Manager will work closely with various departments to identify, assess, and mitigate information security risks. The ideal candidate will have proven experience in cyber security principles and be proactive in identifying and responding to security threats. WHAT YOU'LL DO Assisting with the support of technologies in the following categories: Governance: Develop and maintain information security policies, standards, and procedures. Ensure alignment of security policies with business objectives and regulatory requirements. Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures. Complete security assessments for third-party suppliers, assets (buildings/Retail), and projects to ensure adherence to cyber security policies and standards. Deliver and maintain the Supplier Risk Assessment process. Identify and assess information security risks across the organisation and maintain the risk register. Develop and implement risk mitigation strategies and action plans. Conduct regular risk assessments and audits to ensure compliance with security policies and standards. Monitor and report on the status of risk management activities. Compliance: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Coordinate and support internal and external audits and assessments. Develop and deliver security awareness and training programs to employees. Maintain documentation and evidence of compliance activities. ADVOCACY: Articulate the need for information security and compliance. Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives. Responsible for delivery of infosec controls which are effectively designed and implemented. Identify security gaps and work with stakeholders to clearly define remediation actions. Provide guidance and support to business units on security-related matters. Manage security awareness training, including courses, rollout, liaison with the Training team, arranging phishing tests, and providing remediation training in person to required employees. Manage Information Security Steerco meetings, including taking minutes, organizing meetings, and actions, and supporting the committee in the role of Secretary. Support Technology projects with security analysis on any proposed solutions and ensure any risks are highlighted and addressed as part of the project. Liaise with stakeholders in relation to cyber security issues and provide future recommendations. Research and generate reports for both technical and non-technical staff and stakeholders. Provide advice and guidance to staff on information security-related issues. Define and monitor security policies and best practice standards. ABOUT YOU Strong written and oral communication skills. Passionate about Information Security and proactive in recommending ways to further improve our security posture. Self-motivated problem solver. Strong time management and organisational skills. Pragmatic - making the best of the tools that we have and getting the best out of them. Recognize the balance between security and productivity. Understanding of Information Security Risk Management concepts. Experience of working collaboratively within an IT department. OUR SHARED VALUES Our values are what we stand for at British Land; they're not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture. You can read more on our corporate website. Our People - Just ask anyone why they love working here and they will tell you it's the people. They're highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market-leading benefits here. OUR RECRUITMENT PROCESS If you enjoy bringing your whole self to work, share our values, and are excited about our purpose, we'd love to hear from you! We are committed to providing an accessible and inclusive process; learn more about our selection process here. Please note that we endeavour to get back to all applicants within 28 days. If you haven't heard from us within this period, please assume that you have been unsuccessful on this occasion.
Jan 12, 2025
Full time
Career Opportunities: Information Security GRC Manager (FTC) (10652) Requisition ID 10652 - Posted - Technology - London JOB TITLE: INFORMATION SECURITY GRC MANAGER DEPARTMENT: TECHNOLOGY LOCATION: MARBLE ARCH, LONDON REPORTING TO: HEAD OF INFORMATION SECURITY TYPE OF CONTRACT: 12 MONTH FTC PLACES, PEOPLE, PREFER Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long-term, sustainable basis. We are a FTSE 100 business with a strong balance sheet and £13bn of assets under management. But with just 600 employees, you're given the ability to make a big impact and elevate your career quickly. Our diverse, passionate team of experts works on some of the most ambitious, innovative and sustainable projects in the country - from our high-quality campuses across central London to some of the top retail schemes in the UK - providing a rewarding career journey where you can shape how you grow. We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you've come to the right place! In our recent engagement survey, 93% of our employees stated they were proud to work for British Land! THE ROLE Reporting to the Head of Information Security, the primary responsibility of this role is to oversee the development, implementation, and management of British Land's information security governance, risk, and compliance programs. This role ensures that the organisation's information security practices align with regulatory requirements, industry standards, and best practices. The GRC Manager will work closely with various departments to identify, assess, and mitigate information security risks. The ideal candidate will have proven experience in cyber security principles and be proactive in identifying and responding to security threats. WHAT YOU'LL DO Assisting with the support of technologies in the following categories: Governance: Develop and maintain information security policies, standards, and procedures. Ensure alignment of security policies with business objectives and regulatory requirements. Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures. Complete security assessments for third-party suppliers, assets (buildings/Retail), and projects to ensure adherence to cyber security policies and standards. Deliver and maintain the Supplier Risk Assessment process. Identify and assess information security risks across the organisation and maintain the risk register. Develop and implement risk mitigation strategies and action plans. Conduct regular risk assessments and audits to ensure compliance with security policies and standards. Monitor and report on the status of risk management activities. Compliance: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Coordinate and support internal and external audits and assessments. Develop and deliver security awareness and training programs to employees. Maintain documentation and evidence of compliance activities. ADVOCACY: Articulate the need for information security and compliance. Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives. Responsible for delivery of infosec controls which are effectively designed and implemented. Identify security gaps and work with stakeholders to clearly define remediation actions. Provide guidance and support to business units on security-related matters. Manage security awareness training, including courses, rollout, liaison with the Training team, arranging phishing tests, and providing remediation training in person to required employees. Manage Information Security Steerco meetings, including taking minutes, organizing meetings, and actions, and supporting the committee in the role of Secretary. Support Technology projects with security analysis on any proposed solutions and ensure any risks are highlighted and addressed as part of the project. Liaise with stakeholders in relation to cyber security issues and provide future recommendations. Research and generate reports for both technical and non-technical staff and stakeholders. Provide advice and guidance to staff on information security-related issues. Define and monitor security policies and best practice standards. ABOUT YOU Strong written and oral communication skills. Passionate about Information Security and proactive in recommending ways to further improve our security posture. Self-motivated problem solver. Strong time management and organisational skills. Pragmatic - making the best of the tools that we have and getting the best out of them. Recognize the balance between security and productivity. Understanding of Information Security Risk Management concepts. Experience of working collaboratively within an IT department. OUR SHARED VALUES Our values are what we stand for at British Land; they're not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture. You can read more on our corporate website. Our People - Just ask anyone why they love working here and they will tell you it's the people. They're highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market-leading benefits here. OUR RECRUITMENT PROCESS If you enjoy bringing your whole self to work, share our values, and are excited about our purpose, we'd love to hear from you! We are committed to providing an accessible and inclusive process; learn more about our selection process here. Please note that we endeavour to get back to all applicants within 28 days. If you haven't heard from us within this period, please assume that you have been unsuccessful on this occasion.
Cyber Security - GRC - Vendor Risk Assessment As aVehicle Risk Analyst, you will assist the Information and Cyber Security team which plays a vital role safeguarding Clients information asset on a global basis. This role is part of the Governance, Risk and Compliance function whose purpose is to manage information risk to acceptable levels, using a framework of controls and oversight across the enterprise. You will ensure we deliver appropriate governance, risk, and compliance for information security throughout and you will also provide some support for other functions (SOx IT, Governance, Compliance, Security Culture, Supply Chain). Working with the ICS Strategy and Risk Manager within the Information & Cyber Security team, you will support all ICS Strategic and Risk Management activities within the Governance, Risk and Compliance pillar of the Information and Cyber Security (ICS) team.
Jun 18, 2024
Full time
Cyber Security - GRC - Vendor Risk Assessment As aVehicle Risk Analyst, you will assist the Information and Cyber Security team which plays a vital role safeguarding Clients information asset on a global basis. This role is part of the Governance, Risk and Compliance function whose purpose is to manage information risk to acceptable levels, using a framework of controls and oversight across the enterprise. You will ensure we deliver appropriate governance, risk, and compliance for information security throughout and you will also provide some support for other functions (SOx IT, Governance, Compliance, Security Culture, Supply Chain). Working with the ICS Strategy and Risk Manager within the Information & Cyber Security team, you will support all ICS Strategic and Risk Management activities within the Governance, Risk and Compliance pillar of the Information and Cyber Security (ICS) team.
Leading global multinational end user organization requires a Global Head of Information Security Risk and Compliance (GRC). The role will involve taking responsibility of taking overall responsibility for managing all risk and compliance for the information security, technology and client audits. You will report directly to the global CISO and will also be responsible for managing a small in-house team. Key accountabilities will include: Client information security compliance - working with audit team to ensure all in-house controls are compliant Ensure adherence to standards across all global offices - ISO27001 and SOC2 Take a lead role in all internal and external audits Playing a key role in all information security awareness programs across the business Work closely with the CISO the information security senior leadership team on the cyber strategy Ensuring the team complete all RFIs Key skills needed: Experience in a senior security risk and compliance role ideally for a large enterprise company Fully conversant with ISO27001 and other information security frameworks Stakeholder management up to C level CISSP or CISM certified preferred Experience on a global scale also highly preferable London based with a hybrid model. Please send your CV in ASAP. Leading global multinational end user organization requires a Global Head of Information Security Risk and Compliance (GRC). The role will involve taking responsibility of taking overall responsibility for managing all risk and compliance for the information security, technology and client audits. You will report directly to the global CISO and will also be responsible for managing a small in-house team. Key accountabilities will include: Client information security compliance - working with audit team to ensure all in-house controls are compliant Ensure adherence to standards across all global offices - ISO27001 and SOC2 Take a lead role in all internal and external audits Playing a key role in all information security awareness programs across the business Work closely with the CISO the information security senior leadership team on the cyber strategy Ensuring the team complete all RFIs Key skills needed: Experience in a senior security risk and compliance role ideally for a large enterprise company Fully conversant with ISO27001 and other information security frameworks Stakeholder management up to C level CISSP or CISM certified preferred Experience on a global scale also highly preferable London based with a hybrid model. Please send your CV in ASAP.
Jan 29, 2024
Full time
Leading global multinational end user organization requires a Global Head of Information Security Risk and Compliance (GRC). The role will involve taking responsibility of taking overall responsibility for managing all risk and compliance for the information security, technology and client audits. You will report directly to the global CISO and will also be responsible for managing a small in-house team. Key accountabilities will include: Client information security compliance - working with audit team to ensure all in-house controls are compliant Ensure adherence to standards across all global offices - ISO27001 and SOC2 Take a lead role in all internal and external audits Playing a key role in all information security awareness programs across the business Work closely with the CISO the information security senior leadership team on the cyber strategy Ensuring the team complete all RFIs Key skills needed: Experience in a senior security risk and compliance role ideally for a large enterprise company Fully conversant with ISO27001 and other information security frameworks Stakeholder management up to C level CISSP or CISM certified preferred Experience on a global scale also highly preferable London based with a hybrid model. Please send your CV in ASAP. Leading global multinational end user organization requires a Global Head of Information Security Risk and Compliance (GRC). The role will involve taking responsibility of taking overall responsibility for managing all risk and compliance for the information security, technology and client audits. You will report directly to the global CISO and will also be responsible for managing a small in-house team. Key accountabilities will include: Client information security compliance - working with audit team to ensure all in-house controls are compliant Ensure adherence to standards across all global offices - ISO27001 and SOC2 Take a lead role in all internal and external audits Playing a key role in all information security awareness programs across the business Work closely with the CISO the information security senior leadership team on the cyber strategy Ensuring the team complete all RFIs Key skills needed: Experience in a senior security risk and compliance role ideally for a large enterprise company Fully conversant with ISO27001 and other information security frameworks Stakeholder management up to C level CISSP or CISM certified preferred Experience on a global scale also highly preferable London based with a hybrid model. Please send your CV in ASAP.
SAP GRC Security Lead £75,000 per annum + benefits 2 days per week in Basingstoke office Job Description Summary The SAP GRC Security Lead will sit within the SAP CoE and report to the Principal SAP Delivery Lead. They will be responsible for all governance, risk and compliance activity within SAP. This includes ownership of roles and authorisations across SAP ECC, BW, BPC, Success Factors, Ariba and Concur. The SAP GRC and Security Lead will work closely with the wider SAP CoE team and internal and external stakeholders to ensure that all SAP solutions are compliant with our SoD framework, internal security policies, IT general controls, RACM framework and external audit. This will include the building and maintenance of SAP ECC, BW and BPC roles and the annual user recertification processes and the management of tickets and change requests in the roles and authorisation space. The SAP GRC lead will be required to implement proactive controls to mitigate and manage risk across all SAP applications and will also support external audit processes. Responsibilities Will take full ownership of roles & authorisations which will include designing, building, maintaining, and supporting roles and authorisations in SAP ECC, BW and BPC in accordance with best practices Will also provide support and guidance to the functional teams that administer roles & authorisations on Success Factors, Ariba, Concur Will be responsible for maintaining the integrity of our SAP SoD framework and manage the maintenance and assignment of roles in the live system. Will proactively implement robust controls to support the integrity of the SoD framework. Including the provision of periodic reports to key stakeholders Full end to end ownership of periodic user recertification processes for all SAP applications Will utilise our existing GRC tool (Profile Tailor Dynamics) to design and implement ensure full end to end controls for roles and authorisations in our SAP systems. Work with functional leads from within the SAP CoE and business stakeholders to provide security advice and guidance and support projects. Will be the SPOC and CoE conduit for all SAP risk, audit, security and IT general control actions. Ownership and maintenance of internal SAP risk register Work with internal risk and audit teams and external auditors to ensure all actions are managed in a timely manner The Individual 10 years + hands on experience with SAP roles and authorisation Strong consulting or audit background would be highly desirable Extensive experience working with SAP GRC tooling Experience of designing and implementing new authorisation models (or role refreshes) Exceptional communication and customer facing skills Good knowledge of SAP ECC, BW, BPC, Solution Manager Strong understanding of business processes within FI, CO,SD and MM Good knowledge or experience of working with Success Factors, Ariba and Concur Good experience of working with risk, audit, and compliance teams Strong exposure to IT general controls and RACM framework
Jan 26, 2024
Full time
SAP GRC Security Lead £75,000 per annum + benefits 2 days per week in Basingstoke office Job Description Summary The SAP GRC Security Lead will sit within the SAP CoE and report to the Principal SAP Delivery Lead. They will be responsible for all governance, risk and compliance activity within SAP. This includes ownership of roles and authorisations across SAP ECC, BW, BPC, Success Factors, Ariba and Concur. The SAP GRC and Security Lead will work closely with the wider SAP CoE team and internal and external stakeholders to ensure that all SAP solutions are compliant with our SoD framework, internal security policies, IT general controls, RACM framework and external audit. This will include the building and maintenance of SAP ECC, BW and BPC roles and the annual user recertification processes and the management of tickets and change requests in the roles and authorisation space. The SAP GRC lead will be required to implement proactive controls to mitigate and manage risk across all SAP applications and will also support external audit processes. Responsibilities Will take full ownership of roles & authorisations which will include designing, building, maintaining, and supporting roles and authorisations in SAP ECC, BW and BPC in accordance with best practices Will also provide support and guidance to the functional teams that administer roles & authorisations on Success Factors, Ariba, Concur Will be responsible for maintaining the integrity of our SAP SoD framework and manage the maintenance and assignment of roles in the live system. Will proactively implement robust controls to support the integrity of the SoD framework. Including the provision of periodic reports to key stakeholders Full end to end ownership of periodic user recertification processes for all SAP applications Will utilise our existing GRC tool (Profile Tailor Dynamics) to design and implement ensure full end to end controls for roles and authorisations in our SAP systems. Work with functional leads from within the SAP CoE and business stakeholders to provide security advice and guidance and support projects. Will be the SPOC and CoE conduit for all SAP risk, audit, security and IT general control actions. Ownership and maintenance of internal SAP risk register Work with internal risk and audit teams and external auditors to ensure all actions are managed in a timely manner The Individual 10 years + hands on experience with SAP roles and authorisation Strong consulting or audit background would be highly desirable Extensive experience working with SAP GRC tooling Experience of designing and implementing new authorisation models (or role refreshes) Exceptional communication and customer facing skills Good knowledge of SAP ECC, BW, BPC, Solution Manager Strong understanding of business processes within FI, CO,SD and MM Good knowledge or experience of working with Success Factors, Ariba and Concur Good experience of working with risk, audit, and compliance teams Strong exposure to IT general controls and RACM framework
As the Cyber Security Specialist, you will report to Network & Security Manager and work closely with 2 analysts to perform all-round Cyber Security duties Client Details Our client is a leading UK-based international law firm with more than 1,500 legal professionals across worldwide. Description Perform day to day cyber security operation and analysis duties Continually improve stability and security of IT infrastructure Provide coaching and mentoring to junior analysts in the team Work with engineer team to carry out security enhancement and improvement projects Work with GRC to ensure fulfilment of up to date security regulations / frameworks Profile Essential: Solid experience in network security Experience in firewall implementation and configuration Practical experience in wide range of security tools: SIEM, WAF, Endpoint, IAM Desirable: With technical security certifications such as CISSP, CCSP, etc. Good knowledge / experience in ISO 27001 / NIST / Cyber Essentials Knowledge and experience of working within recognised industry frameworks (e.g ISO 27001/NIST/Cyber Essentials) Job Offer Hybrid working - 2 days at Birmingham office Private Medical Support in training and development Other benefits package
Dec 19, 2022
Full time
As the Cyber Security Specialist, you will report to Network & Security Manager and work closely with 2 analysts to perform all-round Cyber Security duties Client Details Our client is a leading UK-based international law firm with more than 1,500 legal professionals across worldwide. Description Perform day to day cyber security operation and analysis duties Continually improve stability and security of IT infrastructure Provide coaching and mentoring to junior analysts in the team Work with engineer team to carry out security enhancement and improvement projects Work with GRC to ensure fulfilment of up to date security regulations / frameworks Profile Essential: Solid experience in network security Experience in firewall implementation and configuration Practical experience in wide range of security tools: SIEM, WAF, Endpoint, IAM Desirable: With technical security certifications such as CISSP, CCSP, etc. Good knowledge / experience in ISO 27001 / NIST / Cyber Essentials Knowledge and experience of working within recognised industry frameworks (e.g ISO 27001/NIST/Cyber Essentials) Job Offer Hybrid working - 2 days at Birmingham office Private Medical Support in training and development Other benefits package
Cybersecurity: Governance, Risk, and Compliance Director CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles from technical accounting advisor, M&A support, tax services, etc. delivering seamless support services. Technical & Domain Experience: Build cybersecurity Process Risk & Control frameworks for clients that are rationalized against applicable laws and standards. Conduct Risk Assessment and Maturity Assessments for clients. Audit Control definition and control testing against client's Internal Audit framework, or against industry standards or laws & regulations. Conduct Cybersecurity and Data Privacy Compliance readiness assessments for clients Guide clients in establishing cybersecurity policies, standards, and procedures. Manage cybersecurity training & awareness services for clients from design to implementation. Advise clients on cybersecurity functions' metrics and reporting for various levels of client audiences including Audit Committee, and Board of Directors. Be the client's Subject Matter Expert on compliance questions for cybersecurity regulations and industry practices. Provide governance services for clients to oversee their cybersecurity functions and practices, including governance over: Policies & Procedures, Risk Management, Vulnerability Management, Incident Management, etc. Assist clients in implementing market GRC tools. Lead Third Party Risk Management (TPRM) for clients, including designing and operationalizing a TPRM framework, reviewing existing and new vendors for client, and provide ongoing monitoring services. Needs strong understanding/experience of the UK regulatory compliance landscape in Cybersecurity / Data Privacy space and its impact on businesses. Process & Project Management Experience: Ability to prioritize and multitask. Flexibility and adaptability in work approach. Ability to manage project plans for client various data privacy engagements, including creating tasks, timeline and budgets. Ability to report to leadership and clients on status updates periodically, including progress and challenges. Soft Skills: Strong interpersonal and communication skills; experience with cross-cultural communications. Calmness and clarity of thought under pressure and ability to maintain confidentially. Train other staff and external clients, as necessary. Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness. Manage a team of consultants and managers on various projects. Technical Qualifications / Certifications: Bachelor's degree in business, computer science, information systems, engineering, or a related discipline. Strong knowledge in national and global industry practices and regulations in Cybersecurity and Data Privacy, including NIST CSF, CIS, PCI DSS, HIPAA, ISO27001, CMMC, FedRAMP, SOX, GDPR, CCPA, etc. Industry certifications would be preferred but not required: CISSP, CISM, etc.
Dec 06, 2022
Full time
Cybersecurity: Governance, Risk, and Compliance Director CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles from technical accounting advisor, M&A support, tax services, etc. delivering seamless support services. Technical & Domain Experience: Build cybersecurity Process Risk & Control frameworks for clients that are rationalized against applicable laws and standards. Conduct Risk Assessment and Maturity Assessments for clients. Audit Control definition and control testing against client's Internal Audit framework, or against industry standards or laws & regulations. Conduct Cybersecurity and Data Privacy Compliance readiness assessments for clients Guide clients in establishing cybersecurity policies, standards, and procedures. Manage cybersecurity training & awareness services for clients from design to implementation. Advise clients on cybersecurity functions' metrics and reporting for various levels of client audiences including Audit Committee, and Board of Directors. Be the client's Subject Matter Expert on compliance questions for cybersecurity regulations and industry practices. Provide governance services for clients to oversee their cybersecurity functions and practices, including governance over: Policies & Procedures, Risk Management, Vulnerability Management, Incident Management, etc. Assist clients in implementing market GRC tools. Lead Third Party Risk Management (TPRM) for clients, including designing and operationalizing a TPRM framework, reviewing existing and new vendors for client, and provide ongoing monitoring services. Needs strong understanding/experience of the UK regulatory compliance landscape in Cybersecurity / Data Privacy space and its impact on businesses. Process & Project Management Experience: Ability to prioritize and multitask. Flexibility and adaptability in work approach. Ability to manage project plans for client various data privacy engagements, including creating tasks, timeline and budgets. Ability to report to leadership and clients on status updates periodically, including progress and challenges. Soft Skills: Strong interpersonal and communication skills; experience with cross-cultural communications. Calmness and clarity of thought under pressure and ability to maintain confidentially. Train other staff and external clients, as necessary. Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness. Manage a team of consultants and managers on various projects. Technical Qualifications / Certifications: Bachelor's degree in business, computer science, information systems, engineering, or a related discipline. Strong knowledge in national and global industry practices and regulations in Cybersecurity and Data Privacy, including NIST CSF, CIS, PCI DSS, HIPAA, ISO27001, CMMC, FedRAMP, SOX, GDPR, CCPA, etc. Industry certifications would be preferred but not required: CISSP, CISM, etc.
Brodies LLP is a UK law firm headquartered in Scotland. It is the largest firm in its jurisdiction measured by income, directory rankings, and lawyer numbers. In the last three years, the firm's revenue has grown by 20%, and almost 100 new colleagues have joined. Today, we have more than 750 colleagues and offices in Aberdeen, Edinburgh, Glasgow, The Highlands, London and Brussels. We combine colleagues' expertise in all business areas, to deliver Enlightened Thinking - new knowledge and new legal possibilities - uniquely suited to our Scottish, UK and international clients. JOB TITLE Executive Assistant - Litigation / BDAR / Insurance & Risk / GRC and Shipping Our hybrid working approach allows the opportunity to combine working from home as well as in our offices. Aberdeen REPORTING TO Secretarial Engagement Manager JOB PURPOSE To work as part of a team in the provision of executive assistant support to the BDAR / Insurance & Risk / GRC and Shipping team within our Litigation practice area. To also assist the Litigation practice area as a whole, whilst ensuring in addition, the provision of an efficient and quality service to Brodies external clients. CORE TASKS Diary management - make and amend appointments and consultations, arrange meeting rooms, track responses and organise refreshments if required, anticipate weekly schedules and prepare for Solicitors Anticipate requirements for meeting i.e. organise papers, produce itinerary, directions, background/profile information Follow up on meetings (i.e. contact details/further appointments required) Proactively organises partner management information for Division/Team (i.e. implementation and strategic plans Liaise with clients in organising events Proactive Mailbox management - ensure documentation copied to client folder (as required), flag important emails and ensure dealt with, checking Solicitors inbox when out of office/in meetings and action important/urgent emails where appropriate Update all contacts (Outlook/Apex) and identify appropriate distribution lists Open new clients/matters and Visual Files, obtaining information from client papers Maintain knowledge of Visual Files and ensure follow all Visual Files procedures Produce Management Information for clients Responsible for CRU Management Type and amend any confidential emails as well as any confidential internal and external reports as required Mail Merge Save documents in appropriate location both electronically and in hard copy Build and maintain knowledge of Sheriff Court and Court of Session Forms/Procedures Must maintain intimate knowledge of current affairs in office and be able to deal with clients and third parties on a day to day basis via e-mail, phone or in person, ensuring that accurate messages are communicated and dealt with professionally and proactively Organise expense claim forms and collate necessary receipts Pay invoices in compliance with office internal procedures. Follow up process with relevant practice area through to completion ensuring completing appropriate cash forms as required Assist with billing, attend team/billing meetings, prepare draft bills for Solicitors to sign off on, maintain responsibility for monthly printouts and ensure bills sent to clients timeously. Prepare CD Bibles Organise closing of files and papers when necessary. Maintain tidy office environment in terms of "Less Paper" guidelines Undertaking some specialist duties e.g. finance, marketing/business development and paralegal Organises practice area training Assist with the drafting, lodging and updating of court documents and papers Organise and maintain Counsel's papers both in paper form and electronically Ensure scanned documents are saved to DMS in the relevant folders Source travel and accommodation and liaise with Division credit card holder to confirm booking Minute taking where appropriate Participate in the rota for lunchtime cover and provide assistance during holidays/absence Provide assistance to other Executive Assistants in the Litigation team as required and under the direction of the Secretarial Engagement Manager Liaise with the Legal Document Specialists to ensure the completion of all Bighand dictation and documents within the required timescales, assisting where necessary. Undertake ad hoc administrative tasks when necessary under the direction of solicitors and Secretarial Engagement Manager. Be aware of Brodies' information security policies, and protect information assets from unauthorised access, disclosure, modification, destruction or interference at all times. PERSON SPECIFICATION Should have knowledge and experience of working within a busy Litigation team This position is demanding so the successful candidate should be used to working under pressure, often with tight deadlines Highly motivated with the ability to use initiative and be proactive is essential Good communication skills and confident in dealing with people at all levels A strong team player with a can do attitude Ability to maintain flexibility regarding office role and workload Organises and prioritises time effectively to achieve deadlines Presents a professional image to clients and other external organisations at all times Seeks out opportunities to provide a more efficient and proactive service to Solicitors The successful candidate will be required to be flexible regarding working hours as from time to time it will be necessary to complete work during lunchtime or after 5pm Working practices and Executive Assistant allocations within the team will change from time to time and the successful candidate should have an open and flexible attitude to change and a willingness to train within the practice area and other legal teams. SKILLS Excellent organisational skills Ability to multi task and prioritise Fast accurate typist - 60 wpm Proficient in the use of Microsoft applications: Word - track changes/mail merge Outlook - diary management, contacts, tasks Excel PowerPoint Willingness to enhance IT literacy Experience of DMS (preferred but not essential) Experience of Aderant (preferred but not essential) Experience of Bighand (preferred but not essential) Experience of Visual Files Case Management System (preferred but not essential) Experience of using internet for research purposes (preferred but not essential) Willingness to enhance knowledge of Sheriff Court and Court of Session Forms/Procedures
Dec 05, 2021
Full time
Brodies LLP is a UK law firm headquartered in Scotland. It is the largest firm in its jurisdiction measured by income, directory rankings, and lawyer numbers. In the last three years, the firm's revenue has grown by 20%, and almost 100 new colleagues have joined. Today, we have more than 750 colleagues and offices in Aberdeen, Edinburgh, Glasgow, The Highlands, London and Brussels. We combine colleagues' expertise in all business areas, to deliver Enlightened Thinking - new knowledge and new legal possibilities - uniquely suited to our Scottish, UK and international clients. JOB TITLE Executive Assistant - Litigation / BDAR / Insurance & Risk / GRC and Shipping Our hybrid working approach allows the opportunity to combine working from home as well as in our offices. Aberdeen REPORTING TO Secretarial Engagement Manager JOB PURPOSE To work as part of a team in the provision of executive assistant support to the BDAR / Insurance & Risk / GRC and Shipping team within our Litigation practice area. To also assist the Litigation practice area as a whole, whilst ensuring in addition, the provision of an efficient and quality service to Brodies external clients. CORE TASKS Diary management - make and amend appointments and consultations, arrange meeting rooms, track responses and organise refreshments if required, anticipate weekly schedules and prepare for Solicitors Anticipate requirements for meeting i.e. organise papers, produce itinerary, directions, background/profile information Follow up on meetings (i.e. contact details/further appointments required) Proactively organises partner management information for Division/Team (i.e. implementation and strategic plans Liaise with clients in organising events Proactive Mailbox management - ensure documentation copied to client folder (as required), flag important emails and ensure dealt with, checking Solicitors inbox when out of office/in meetings and action important/urgent emails where appropriate Update all contacts (Outlook/Apex) and identify appropriate distribution lists Open new clients/matters and Visual Files, obtaining information from client papers Maintain knowledge of Visual Files and ensure follow all Visual Files procedures Produce Management Information for clients Responsible for CRU Management Type and amend any confidential emails as well as any confidential internal and external reports as required Mail Merge Save documents in appropriate location both electronically and in hard copy Build and maintain knowledge of Sheriff Court and Court of Session Forms/Procedures Must maintain intimate knowledge of current affairs in office and be able to deal with clients and third parties on a day to day basis via e-mail, phone or in person, ensuring that accurate messages are communicated and dealt with professionally and proactively Organise expense claim forms and collate necessary receipts Pay invoices in compliance with office internal procedures. Follow up process with relevant practice area through to completion ensuring completing appropriate cash forms as required Assist with billing, attend team/billing meetings, prepare draft bills for Solicitors to sign off on, maintain responsibility for monthly printouts and ensure bills sent to clients timeously. Prepare CD Bibles Organise closing of files and papers when necessary. Maintain tidy office environment in terms of "Less Paper" guidelines Undertaking some specialist duties e.g. finance, marketing/business development and paralegal Organises practice area training Assist with the drafting, lodging and updating of court documents and papers Organise and maintain Counsel's papers both in paper form and electronically Ensure scanned documents are saved to DMS in the relevant folders Source travel and accommodation and liaise with Division credit card holder to confirm booking Minute taking where appropriate Participate in the rota for lunchtime cover and provide assistance during holidays/absence Provide assistance to other Executive Assistants in the Litigation team as required and under the direction of the Secretarial Engagement Manager Liaise with the Legal Document Specialists to ensure the completion of all Bighand dictation and documents within the required timescales, assisting where necessary. Undertake ad hoc administrative tasks when necessary under the direction of solicitors and Secretarial Engagement Manager. Be aware of Brodies' information security policies, and protect information assets from unauthorised access, disclosure, modification, destruction or interference at all times. PERSON SPECIFICATION Should have knowledge and experience of working within a busy Litigation team This position is demanding so the successful candidate should be used to working under pressure, often with tight deadlines Highly motivated with the ability to use initiative and be proactive is essential Good communication skills and confident in dealing with people at all levels A strong team player with a can do attitude Ability to maintain flexibility regarding office role and workload Organises and prioritises time effectively to achieve deadlines Presents a professional image to clients and other external organisations at all times Seeks out opportunities to provide a more efficient and proactive service to Solicitors The successful candidate will be required to be flexible regarding working hours as from time to time it will be necessary to complete work during lunchtime or after 5pm Working practices and Executive Assistant allocations within the team will change from time to time and the successful candidate should have an open and flexible attitude to change and a willingness to train within the practice area and other legal teams. SKILLS Excellent organisational skills Ability to multi task and prioritise Fast accurate typist - 60 wpm Proficient in the use of Microsoft applications: Word - track changes/mail merge Outlook - diary management, contacts, tasks Excel PowerPoint Willingness to enhance IT literacy Experience of DMS (preferred but not essential) Experience of Aderant (preferred but not essential) Experience of Bighand (preferred but not essential) Experience of Visual Files Case Management System (preferred but not essential) Experience of using internet for research purposes (preferred but not essential) Willingness to enhance knowledge of Sheriff Court and Court of Session Forms/Procedures
Your new company A well known employer of choice based in the Reading area offering hybrid working. Your new role The Senior Digital Risk Manager identifies, tracks, monitors and advises on digital risks both operationally and for third parties, as well as driving the implementation of proactive digital risk management. The role holder acts as the backbone between digital risk management and the business ensuring metrics demonstrate the effectiveness of digital controls. 1. Drive the coordination and active management of digital risks 2. Develop guiding principles around security metrics, measurements, and their impact on the business 3. Communicate effectively and clearly, to support/influence data-driven decision making 4. Support in the security metrics reporting and associated analysis to help the business understand the digital security posture. 5. Plan, implement, and manage compliance management capabilities for all Digital security/compliance initiatives 6. Assure risk and control process effectiveness, measurement and optimisation throughout the agile development lifecycle 7. Monitor and analyse digital controls, risks, and metrics to identify themes, trends, correlations, and help drive efficiencies What you'll need to succeed At least 5+ years of work experience in security or risk management. Knowledge and understanding of digital risk concepts. Demonstrated experience providing written and verbal presentations Experience using GRC/risk management tools such as ZenGRC, One Trust etc Ability to assist in the design, build and test related controls covering technology including security, third party engagements, and resilience Experience in Third Party Risk Management Good understanding of how metrics and measurements can drive business decisions and generate insights about the business Previous experience in control testing utilising industry standard frameworks and methodologies What you'll get in return A competitive day rate (in-scope of IR35) ,Flexible working options available, but you must be able to work in the Reading area a few days a week. 3 months assignment+ What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
Dec 03, 2021
Seasonal
Your new company A well known employer of choice based in the Reading area offering hybrid working. Your new role The Senior Digital Risk Manager identifies, tracks, monitors and advises on digital risks both operationally and for third parties, as well as driving the implementation of proactive digital risk management. The role holder acts as the backbone between digital risk management and the business ensuring metrics demonstrate the effectiveness of digital controls. 1. Drive the coordination and active management of digital risks 2. Develop guiding principles around security metrics, measurements, and their impact on the business 3. Communicate effectively and clearly, to support/influence data-driven decision making 4. Support in the security metrics reporting and associated analysis to help the business understand the digital security posture. 5. Plan, implement, and manage compliance management capabilities for all Digital security/compliance initiatives 6. Assure risk and control process effectiveness, measurement and optimisation throughout the agile development lifecycle 7. Monitor and analyse digital controls, risks, and metrics to identify themes, trends, correlations, and help drive efficiencies What you'll need to succeed At least 5+ years of work experience in security or risk management. Knowledge and understanding of digital risk concepts. Demonstrated experience providing written and verbal presentations Experience using GRC/risk management tools such as ZenGRC, One Trust etc Ability to assist in the design, build and test related controls covering technology including security, third party engagements, and resilience Experience in Third Party Risk Management Good understanding of how metrics and measurements can drive business decisions and generate insights about the business Previous experience in control testing utilising industry standard frameworks and methodologies What you'll get in return A competitive day rate (in-scope of IR35) ,Flexible working options available, but you must be able to work in the Reading area a few days a week. 3 months assignment+ What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk