Risk Manager

  • Lorien
  • Glasgow, Lanarkshire
  • 25/03/2026
Contractor Information Technology Telecommunications

Job Description

Job Title: IT/OT Risk Manager

Duration: 3-6 months

Location: Scotland - Perth/Glasgow/Eurocentral/Aberdeen

Hybrid Working: 2-3 days ideally in the office

Description:

Main Purpose of Job

Drive the adoption of the risk management framework. Work collaboratively with management to define, communicate and measure key risks and controls for IT and OT, maintained in line with business risk appetite. Provide assurance on the effectiveness of controls and confirm compliance with obligations. Provide key management information to enable the Leadership to make decisions.

Key Accountabilities

  • Support the implementation and operation of the IT Governance, Risk and Compliance framework.
  • Implement and manage the IT risk management framework.
  • Facilitate risk reviews to identify, quantify and mitigate IT & OT risks.
  • Regular stakeholder engagement providing advice and guidance on risk management.
  • Provide assurance on the adequacy of IT & OT controls to manage risk, provide recommendations and monitor progress to ensure controls are improved and effective.
  • Coordinate timely and appropriate actions to be taken in response to audit actions. Support the formulation of delivery plans to address root cause and monitor progress.
  • Involvement in risk mitigation projects as required.
  • Oversight of the progress of audit actions.
  • Monitor and report compliance with relevant policies, standards, procedures, legislation and regulation.
  • Regular liaison with the Cyber Risk, Operational Technology, Information Security and Risk & Assurance teams across the business and Group.
  • Ensure accurate, timely and relevant reporting on IT & OT Risks to various Risk Boards and Committees.

Education

  • Educated to degree level or above, or at least 3 years' relevant experience

Experience

  • Experience of delivering IT risk, compliance or assurance activities (or equivalent role)
  • Experience of OT Systems, Cyber and Engineering risk management
  • Experience of designing or reviewing IT/OT processes and their controls and performing risk assessments
  • Experience engaging with a wide range of stakeholders
  • Focus on continuous improvement

Business Knowledge

  • Understanding of client's strategy, structure and governance framework
  • Working knowledge of IT and operational risk, IT and enterprise architecture, IT strategy and IT outsourcing, service management and delivery
  • Working knowledge of audit and assurance methods
  • Full IT project life cycle experience
  • Industry standards, regulation and legislation knowledge
  • Understanding of continuous improvement methodologies

Functional and Technical Skills

  • Good knowledge of IT governance frameworks such as COBIT 5, ITIL, ISO 31000, 27005, 38500 and their interactions
  • Ability to perform Risk/Return analysis
  • Ability to work in Matrix environments
  • Quality management
  • Works in compliance with Business Principles, Policies and Standards

Communication and Personal Attributes

  • Ability to engage effectively with all stakeholders (internal and external)
  • Fluent communicator, both in writing and orally, with high attention to detail
  • Strong organisation skills
  • Negotiation and influencing skills
  • Maintain objectivity and impartiality
  • Planning, communication and presentation skills
  • Flexibility to adapt and compromise
  • Ability to carry out self-led learning

Problem Solving, Analysis and Reasoning

  • Able to use multiple problem-solving methodologies
  • Adept at identifying appropriate workarounds
  • Experience in resolving complex problems

Accountability and Financial Dimensions

  • Accountable for own work
  • No direct or indirect responsibility for budgets or other financial measures.

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.