Risk Lead - Coventry, United Kingdom - Sainsburys

Sainsburys
Coventry, United Kingdom

2 weeks ago

Posted by: Tom O´Connor, beBee Recruiter


Description
The Risk Lead is responsible for managing and reducing data and information security risk and minimising business exposure.

They will use collaborative business engagement to deliver consistent risk management services and controls that meet the organisation's risk appetite and strategic direction.


The role has the following responsibilities:

  • Overseeing the risk framework and further maturing risk management processes across the areas of Data Governance, PCI, Supplier and Cyber Security
  • Supporting the development of Security Controls and Policies, which align to the organisation's risk appetite
  • Working in collaboration with Service Assurance and Tech Operations to manage joint Data/Cyber risks and streamline common processes and reporting
  • Overall coordination and remediation of Data Governance and Information Security Risk
  • Assisting with creating and delivering information security risk training for colleagues and raising the profile of effective Data and Cyber risk management across the business


The role will require you to continually drive improvements within the team, measure and evolve our capability to ensure our services are delivered effectively and in line with Sainsbury's future ways of working.

What you need to do

  • Manage the Risk Team and oversee existing risk governance processes
  • Help identify, assess and manage strategic, operational and emerging risks in the Data and Cyber space
  • Build and maintain strong senior stakeholder relationships within technology and the business, to understand cyber security risk and controls and drive robust risk-based decision making
  • Articulate, quantify, and monitor risk appetite
  • Interface with business and third-party service providers, hold them to account on Supplier-based risks and actively support mitigation activities
  • Review and improve the approach for centrally delivering cyber risk management training and awareness within the department
  • Mature visibility and ownership of risks in the organisation and support the Product Assurance team to derive effective reports around product-related risks
  • Provide risk status reports for key stakeholders including the Data Governance Committee and Tech Leadership team.
  • Own the relationship with our risk and governance software provider.
What you need to know and show

  • Outstanding stakeholder management skills, effectively influencing and partnering with peers and leaders across the Group
  • Excellent interpersonal communication skills and the ability to articulate effectively in both technical and non-technical terms
  • Demonstrable experience in Information Security and/or Information Governance
  • CISSP or CISM or equivalent is nice to have but not essential. Computer Science degree nice to have but not essential
  • Risk Management experience and demonstrated ability in Risk Management Frameworks
  • Capable of working independently to resolve problems and escalate when necessary
  • Experience presenting and reporting on project plans and progress to appropriate stakeholders, executives, and senior management
  • Strong analytical and report writing skills
  • Understanding of Data and Cyber-related risks in a complex organisation (including regulatory requirements)
  • Drive, ambition, and enthusiasm
What decisions I can make

  • Recommend appropriate risk scores and risk mitigation
  • Make recommendations to the wider organisation on matters relating to data and information security risks, including the course of action around remediation
  • Responsible for the overall delivery of the risk programme within the team.
  • Day to day decisions around Team management and administration.
  • Recruitment of new colleagues.
Resources available to me

  • Three direct reports
  • The wider Governance, Risk and Compliance team
  • Head of Information Security
  • Rest of the Information Security and Data Governance Team including:
      • Product Assurance Team
      • Data Protection Officer(s)
      • Data Clinic Lead and Manager
      • Security Operations and Engineering

DTD
