TalkTalk is a fast, dynamic and vibrant place to work, and our colleagues are always super busy innovating and adding value for our customers. This role recognises that, which means you will think of creative ways to manage risks and work collaboratively within the Security team to keep risks within TalkTalk’s risk appetite, whilst maintaining a robust and effective framework. Providing ongoing support and advice is a necessity.
Here are some of the expected responsibilities you will own and deliver on:
- Assess and identify security risks relating to internal systems / applications and external / suppliers.
- Manage the identified security risks to mitigation.
- Manage risk moderation exercises and influence decisions by delivering substantiated recommendations.
- The maintenance and continuous improvement of key IS risk management processes, including security risk assessments and third-party supplier risk assessments.
- Management of key third-party relationships and/or managed partnerships that deliver risk and security risk processes.
- Providing informative and timely updates on Tech and Security risks at appropriate senior governance forums.
- Identifying and analysing opportunities for improvement within risk management and IS risk management frameworks, technologies, and processes, and collating your recommendations for review.
- Supporting the delivery of Information Security Training & Awareness activities, including the delivery of annual mandatory training and new starter training.
- Taking responsibility, as directed, for driving and implementing both process and cultural change in line with strategy and policies.
- Supporting IS compliance audits such as ISO 27001, PCI DSS, NIST.
- Undertaking any other tasks as directed by the Head of Security Risk Management.
You will have a good knowledge of Security Risk Management Frameworks and experience of internal and external Security Risk Assessment and Management. You will be confident with stakeholder coordination, negotiation and conflict management. Ideally, you will be a qualified information security professional – CRISC, CISM, CISSP. Ideally, you will also have experience in using a Governance, Risk and Compliance tool.
As a recognised Top 50 Inclusive Employer in the UK, we know that diversity means success and innovation. We want our workplace to reflect the communities and customers we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.
We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.