Security Risk Specialist providing oversight and technical expertise in information and cyber security. Supporting robust risk management aligned with the Group’s Enterprise Risk Management Framework (ERMF).
Responsibilities
Building relationships with risk and control owners, acting as a security risk specialist business partner to help deliver against customer, business and strategic outcomes.
Providing pragmatic advice to support informed key risk decisions and trade-offs (balancing commerciality and risk appetite), being bold to ‘call it’, and influencing senior decision makers.
Proposing solutions to business problems, delivering oversight with insight and innovative thinking to address security risk challenges.
Input into the implementation of a risk and control oversight plan to assess compliance to relevant laws, regulations, industry standards and established controls.
Interpret new operational risk regulation and emerging security opportunities and threats accurately and adeptly.
Forethinking the direction of travel and anticipating the impact of the proposed changes on the Group.
Support control owners and specialists to implement control measures that are designed to achieve the control objectives.
Regularly monitoring and validating the effectiveness of the design of control measures to ensure they are achieving the control objectives.
Drive automation for risk and control measurement, monitoring, and reporting.
Collaborate with security, data, and analytics teams to call out issues and define action plans, all in pursuit of sustainable risk management.
Perform continuous monitoring and reporting of the Group’s exposure relative to risk appetite, highlighting any significant deviations.
Identify and develop key risk indicators and key performance indicators to enable appropriate monitoring.
Support Security Risk Specialist colleagues, contributing to the design, implementation and continuous review and enhancement of risk policies and appetite, as well as the ongoing data-led Operational Risk control objectives to meet the needs of risk and control owners, control specialist teams, Audit and external regulators.
Requirements
Deep operational expertise aligned to Information, Cyber, and Physical Security risk.
The ability to assess and manage Security risk, including identification, establishing risk appetite, developing policies, ensuring compliance, designing effective controls, providing assurance oversight, and offering advice that balances risk and reward.
Expertise in Information Security covering key areas such as asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations and software development.
Demonstrable curiosity and understanding of the emerging technologies shaping the risk landscape (inc. AI, Digital Ledger Technology, Quantum).
Experience of data analysis and statistical methods to interpret and quantify risk (e.g. Cyber Risk Quantification).
Knowledge of relevant laws, regulation, industry standards and established practice in technical subject area.
Effective decision-making, skilfully balancing trade-offs while understanding business strategy and opportunity risks.
Experience of assimilating a range of data sources and complex information to effectively problem solve and make relevant conclusions and recommendations.
Effective communication skills to build partnerships and work collaboratively with others, including Risk Owner, Control Owner and Control Office to meet shared objectives.
The ability to work effectively with all other lines of defence and understand their different but complementary roles.
A future-focused mentality, being able to conceptualise and articulate a customer-centric desired end state that has a clear line of sight to our Group Strategy.
Benefits
A generous pension contribution of up to 15%
An annual performance-related bonus
Share schemes including free shares.
Benefits you can adapt to your lifestyle, such as discounted shopping.
30 days’ holiday, with bank holidays on top
A range of wellbeing initiatives and generous parental leave policies
Senior Cybersecurity GRC Specialist shaping Orion Pharma's cybersecurity governance, risk management, and compliance. Engaging with teams to enhance security posture and meet regulatory standards.
Product Security expert ensuring secure software development at NETGEAR. Championing security practices and monitoring vulnerabilities while collaborating with development teams.
System Architect driving secure cloud-native applications using cutting-edge technologies for Product Security at Nokia. Leading AI-driven design and architecture with collaboration across global teams.
Cyber Security Engineer protecting data from threats in a fintech startup. Collaborating with the Information Security Team and implementing security controls for technical projects.
Junior Security Incident Responder in an innovative IT service company protecting clients against cyber threats. Collaborating with teams to enhance IT security and respond to incidents.
Security Incident Responder managing IT security incidents in the Security Operations Center, analyzing threats and coordinating responses effectively for clients' safety.
Senior Security Engineer developing and enhancing security infrastructure for Bank Frick, a pioneer in blockchain banking. Responsible for managing security processes and collaborating with IT teams.
Working student in Cyber Security at Wavestone, supporting IT consulting and development in the field of cyber security. Analysing trends and actively participating in team activities.
Project Manager for Security Technology managing complex security projects in the MENA region. Involving internal teams and external integrators, ensuring project success and client satisfaction.
Cyber Security Manager at British American Tobacco strengthening cyber resilience across Western Europe. Responsible for managing security initiatives and collaborating with regional teams.