At a Glance
- Tasks: Drive cyber security awareness and manage risk processes across teams.
- Company: Join DS Smith, a leader in sustainable packaging with a global presence.
- Benefits: Enjoy a competitive salary, bonus, pension, and 25 days holiday.
- Why this job: Make a real impact on information security in a dynamic environment.
- Qualifications: Experience with security standards like ISO27001 and strong analytical skills.
- Other info: Opportunity for professional growth and engaging with diverse stakeholders.
The predicted salary is between £48,000 and £72,000 per year.
About DS Smith
DS Smith, an International Paper Company, are a leading provider of sustainable packaging solutions, paper products and recycling services in more than 30 different countries across EMEA with over 30,000 colleagues.
About the role
Reporting to the Head of I&T GRC, the Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training including phishing, and facilitating cyber scenario desktop simulations across central and manufacturing site teams. You will review, manage and, where required, prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements. You will support IT, procurement, legal, data protection, digital security and business stakeholders in relation to supplier information and cyber security due diligence and requirements. As the successful candidate you will also lead risk-based party security assurance, management, and continuous improvement activities. In addition, you will facilitate and coordinate the IT risk management risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001-related documentation and control activities. As the I&T Governance and Risk Lead you will be responsible for aspects of the I&T GRC scope, as delegated and assigned by the Head of I&T GRC.
Key Accountabilities
- Engage with key IT and business stakeholders in relation to:
  - Risk management.
  - Security awareness training.
  - Facilitation of cyber scenario desktop simulations across central and manufacturing site teams.
  - Customer security questionnaires.
  - Supplier security reviews, risk management and requirements.
- Manage and continuously improve I&T and Security risks processes in accordance with company risk appetite and tolerance, validating that risk is clearly articulated and management response is well defined.
- Engage in risk review and assurance activities across existing suppliers.
- Provide IT and business advice on aspects of security standards and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2.
- Engage with I&T system owners to provide training in relation to information security, cyber resilience, phishing, and facilitation of cyber scenario desktop simulations across central and manufacturing site teams.
About you
- Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries.
- Experience working with information security standards, frameworks and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2.
- Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills.
- Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks.
- Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous.
Benefits
- Competitive salary
- Company bonus
- Pension scheme
- Life assurance
- Income protection
- 25 days holiday plus bank holidays
- Electric Car / Bike to Work schemes
Information and Technology Governance & Risk Lead employer: DS Smith
Contact Detail:
DS Smith Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information and Technology Governance & Risk Lead
✨Tip Number 1
Network like a pro! Reach out to your connections in the industry, attend relevant events, and engage with professionals on platforms like LinkedIn. We can’t stress enough how important it is to make those personal connections that could lead to job opportunities.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their approach to information security and risk management. We recommend practising common interview questions and tailoring your answers to highlight your experience with ISO27001 and other relevant frameworks.
✨Tip Number 3
Showcase your skills through real-life examples. When discussing your experience, focus on specific projects where you’ve successfully managed risks or improved security processes. We want to see how you’ve made an impact in previous roles!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive about their job search. Let’s get you that role as the I&T Governance & Risk Lead!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the role of Information and Technology Governance & Risk Lead. Highlight your experience with information security standards like ISO27001 and any relevant certifications you have. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background makes you a perfect fit for our team. Don’t forget to mention specific experiences that relate to the key accountabilities in the job description.
Showcase Your Problem-Solving Skills: In your application, give examples of how you've tackled challenges in risk management or security awareness training. We love seeing candidates who can think critically and come up with effective solutions, so don’t hold back on sharing your success stories!
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you’re considered for the role. Plus, it’s super easy – just follow the prompts and submit your materials!
How to prepare for a job interview at DS Smith
✨Know Your Standards
Familiarise yourself with key information security standards like ISO 27001, NIST CSF, and PCI DSS. Be ready to discuss how these frameworks apply to the role and share examples of how you've engaged with them in past experiences.
✨Showcase Your Communication Skills
As this role involves engaging with various stakeholders, practice articulating complex security concepts in simple terms. Prepare to demonstrate your ability to facilitate training sessions or simulations, as this will be crucial for the position.
✨Prepare for Scenario Questions
Expect scenario-based questions that assess your problem-solving skills in risk management and cyber security. Think of specific situations where you successfully managed risks or improved security processes, and be ready to explain your thought process.
✨Highlight Continuous Improvement
Discuss your approach to continuous improvement in security processes. Share examples of how you've identified areas for enhancement and implemented changes, as this aligns with the company's focus on managing and improving I&T and Security risks.