IT Security Governance Manager

Job Title: IT Security Governance Manager

The IT Security Governance Manager will report directly to the Senior Service Delivery Manager. The main responsibilities of this position include monitoring the compliance of IT controls, processes and governance within the Product & Technology Function. They will follow security and risk frameworks to ensure all controls satisfy regulatory requirements.

Key Responsibilities:

• Manage the development and continuous improvement of the control framework
• Support the team in reviewing and creating policies, processes and procedures to comply with company requirements
• Verify the Controllership and Operations calendar is up to date and reviewed regularly
• Document processes and roadmap for running the Controllership function
• Communicate any upcoming activities to relevant stakeholders in a timely manner
• Execute IT Controllership controls and establish operating rhythm with Management for monthly reporting
• Oversee artefact management and review key governance artefacts to ensure compliance and oversight
• Ensure artefacts are correctly stored within the designated Product & Technology repository
• Maintain accessibility of relevant information for the right stakeholders at the right time
• Identify and rectify any missing or misfiled artefacts to support regulatory compliance and enhance governance
• Oversee all IT and Security audit engagements and serve as the primary mediator between the Product and Technology teams and Internal Audit during audit engagements
• Facilitate the collection of relevant documentation, coordinate with key stakeholders for fieldwork, and ensure effective tracking and resolution of audit findings
• Monitor the resolution of any audit findings across outsourced service providers and internally and ensure these are documented accordingly
• Establish action tracking and deliver reporting monthly
• Verify that optimum controls are in place and operating effectively
• Conduct formal monitoring to ensure that Product and Technology controls are being met, document results and ensure remediation and training where necessary
• Ensure adequate oversight of Incident, Problem and Change as part of reporting metrics and continual service improvement in line with controls
• Manage the engagement with the Risk Function as SPOC and support the completion of annual risk assessments
• Act as SME on risk work completing first pass on RCSA / RAS / KRI/s /Process & Risk Taxonomies
• Chair and manage the monthly ICT Risk Register meetings and ensure actions and approvals are managed to timelines and shared to Risk Function
• Keep up to date on delivery of all new technology and functionality, ensure relevant controls are updated and adhered to
• Ensure documentation meets required industry and corporate standards and supervise and support the Policy Review cadence in the company
• Manage the preparation of the Board and Board Committee materials and ensure that items are submitted within the relevant deadlines
• Manage third party vendors in the procurement tool to ensure contracts are validated, POs and Invoices are processed in a timely manner, and Approvals are received from relevant stakeholders
• Oversee remediation activities and ensure IT controls are updated accordingly
• Provide a formal monthly reporting mechanism to management on the status of all activities

Responsibilities include managing the overall controllership function, overseeing artefact management, executing IT controllership controls, facilitating audit engagements, maintaining incident management, problem management and change management, supporting policy management and ensuring ongoing compliance with regulatory requirements.

Knowledge and Skills:

• 5 years experience in similar role
• Oversight on External and Internal Audit programmes
• Experience in regulated industry
• Risk experience as SME

If you are interested in this position, please contact Lindsay O'Leary for further specification details.