Cyber and IT Risk Manager in Royston, Hertfordshire

The Purpose of the Cyber & IT Risk Manager is to complement and enhance Johnson Matthey's cyber security and IT/OT risk posture by identifying, assessing, analysing and communicating IT and cyber-security risks, and both the existence and efficacy of controls relating to those risks. The role is responsible for ensuring that the organisation understands, prioritises and appropriately manages its cyber and IT risks, with clear ownership and action plans being defined and progressed.

Your responsibilities:

• Develop, implement, schedule and drive a cyber and IT risk management program which includes regular assessment, prioritisation, and review of remediation and mitigation activities, with clearly defined management ownership.
• Ensure that the risk management program is aligned with business priorities and risk appetite, assessing and clearly communicating those risks in a non-technical, easily digestible manner that ensures all stakeholders can make informed decisions on these risks.
• Ensure that risks are assessed, recorded and communicated at the appropriate level of detail for both the audience and their effective mitigation, including maintaining a clear view of the linkages to enterprise-level (principal) risks and what actions drive a reduction in those risks.
• Engage with senior leaders across both IT and business units to drive pragmatic action plans for mitigation, including supporting the development of business cases.
• Developing and maintaining risk management processes, procedures, and tools to ensure timely identification, assessment, and mitigation of risks.
• Own and manage the security impact assessment process, ensuring that JM gains early visibility of potential risks associated with proposed changes.
• Own and manage the third-party risk management process, ensuring an effective prioritisation and tiering model is in place to identify and assess third parties that pose the most significant risk to JM.
• Developing, maintaining and operating cyber and IT controls assurance processes, including being responsible for the JM ITGC framework and ensuring system owners understand their responsibilities.
• Conduct thorough assessments of control environments, systems, processes, and practices to identify control gaps, including those associated with audit actions, customer and stakeholder requirements.
• Act as point of contact and co-ordination for cyber and IT-related audits, ensuring accurate information is provided and collating inputs from relevant teams.
• Keep up to date with regulatory and legislative developments relating to cyber and IT, identifying and assessing any changes that are relevant to JM and developing recommendations and action plans, communicating these as necessary to senior management.

Requirements for the role:

• Experience and knowledge of cyber and IT controls and supporting associated audits.
• Technical and/or practical experience of cyber security controls/capabilities and relevant standards e.g. ISO27001.
• IT controls implementation and assurance, including but not limited to IT general controls.
• Enterprise software capabilities and technologies, including but not limited to ERP, CRM, enterprise operating systems (e.g. Windows/Linux).
• Relevant legislation such as NIS2, GDPR and Computer Misuse Act.
• Relevant industry standards such as MITRE and NIST.
• Risk management best practices.
• Demonstrable experience in technology security-related roles, with demonstrable experience of identifying and managing information security risks in complex or critical scenarios.
• IT and/or cyber-security risk management experience.
• Knowledge and experience of writing technical reports, documentation, policies and standards accurately and to designated timescales.
• Understanding of enterprise IT infrastructure and architectures.

How you will be rewarded:

We offer a competitive compensation and benefits package including bonus, excellent pension contributions and 25 days annual leave (varies for shift-based roles). At JM, an inclusive culture is integral to our values and ambitions for the future. We are committed to ensuring that everyone can bring their full self to work and thrive in their career.

Johnson Matthey is open for discussion on part time, job share and flexible working patterns.

Closing date for applications: This job advertisement will be posted for a minimum of 2 weeks, early application is advised.

For any queries or should you require any reasonable adjustments to support your application please contact us. To submit your application, please click the "Apply" button online. All applications are carefully considered and your details will be stored on our secure Application Management System.

Johnson Matthey respects your privacy and is committed to protecting your personal information. For more information about how your personal data is used please view our privacy notice.

Johnson Matthey Plc is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, marriage or civil partnership, pregnancy or maternity, religion or belief.