The Information Security & Risk Manager is responsible for GBS being compliant with security requirements across multiple teams, including both physical (ListX) security and system security. In this role, you will apply your knowledge as a security professional to ensure that processes, systems and employees are compliant with the latest HMG policy. The work involves performing security risk assessments, advising on actions required to obtain (or maintain) accreditation and educating our teams on the latest best practice.
Main responsibilities include:
Perform security assessments and advise on actions required to achieve / maintain accreditation.
Produce the Risk Management Accreditation Documentation Set (RMADS).
Perform independent reviews (of processes, IT / information vulnerabilities) and recommend improvement actions.
Develop a security risk strategy; lead on implementation actions required and take on assigned actions as appropriate (e.g. briefing staff).
Liaise with other security professionals in the security office, covering physical & personnel security.
Work with GBS project managers and solution architects.
The successful candidate will be self-motivated to keep abreast of security risks, cyber trends and mitigation actions and be looking to take a leading role in advising security policy on high complexity secure systems.
Certified as a CLAS consultant (through CESG) or a CESG Certified Professional (CCP)
High level of experience working in relevant security or risk management roles
Experience in advising suppliers or clients on information security
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.