Cyber and IT Risk Manager


Royston · Full-Time · 43200 - 72000 £ / year (est.) · No home office possible

At a Glance

  • Tasks: Lead cyber and IT risk management, ensuring effective communication and mitigation of risks.
  • Company: Join Johnson Matthey, a global leader in sustainable technologies with a commitment to innovation.
  • Benefits: Enjoy competitive pay, excellent pension contributions, 25 days annual leave, and flexible working options.
  • Why this job: Be part of a diverse team tackling global challenges while making a positive impact on the environment.
  • Qualifications: Experience in cyber security, IT controls, and risk management is essential; strong communication skills are a must.
  • Other info: Open to part-time and flexible working arrangements; early applications encouraged.

The predicted salary is between 43200 - 72000 £ per year.

The purpose of the Cyber & IT Risk Manager is to complement and enhance Johnson Matthey's cyber security and IT/OT risk posture by identifying, assessing, analysing and communicating IT and cyber-security risks, and both the existence and efficacy of controls relating to those risks. The role is responsible for ensuring that the organisation understands, prioritises and appropriately manages its cyber and IT risks, with clear ownership and action plans being defined and progressed.

Your responsibilities:

  • Develop, implement, schedule and drive a cyber and IT risk management program which includes regular assessment, prioritisation, and review of remediation and mitigation activities, with clearly defined management ownership.
  • Ensure that the risk management program is aligned with business priorities and risk appetite, assessing and clearly communicating those risks in a non-technical, easily digestible manner that ensures all stakeholders can make informed decisions on these risks.
  • Ensure that risks are assessed, recorded and communicated at the appropriate level of detail for both the audience and their effective mitigation, including maintaining a clear view of the linkages to enterprise-level (principal) risks and what actions drive a reduction in those risks.
  • Engage with senior leaders across both IT and business units to drive pragmatic action plans for mitigation, including supporting the development of business cases.
  • Develop and maintain risk management processes, procedures, and tools to ensure timely identification, assessment, and mitigation of risks.
  • Own and manage the security impact assessment process, ensuring that JM gains early visibility of potential risks associated with proposed changes.
  • Own and manage the third-party risk management process, ensuring an effective prioritisation and tiering model is in place to identify and assess third parties that pose the most significant risk to JM.
  • Develop, maintain and operate cyber and IT controls assurance processes, including being responsible for the JM ITGC framework and ensuring system owners understand their responsibilities.
  • Conduct thorough assessments of control environments, systems, processes, and practices to identify control gaps, including those associated with audit actions, customer and stakeholder requirements.
  • Act as point of contact and co-ordination for cyber and IT-related audits, ensuring accurate information is provided and collating inputs from relevant teams.
  • Keep up to date with regulatory and legislative developments relating to cyber and IT, identifying and assessing any changes that are relevant to JM and developing recommendations and action plans, communicating these as necessary to senior management.

Requirements for the role:

  • Experience and knowledge of cyber and IT controls and supporting associated audits.
  • Technical and/or practical experience of cyber security controls/capabilities and relevant standards e.g. ISO27001.
  • IT controls implementation and assurance, including but not limited to IT general controls.
  • Enterprise software capabilities and technologies, including but not limited to ERP, CRM, enterprise operating systems (e.g. Windows/Linux).
  • Relevant legislation such as NIS2, GDPR and Computer Misuse Act.
  • Relevant industry standards such as MITRE and NIST.
  • Risk management best practices.
  • Demonstrable experience in technology security-related roles, including identifying and managing information security risks in complex or critical scenarios.
  • IT and/or cyber-security risk management experience.
  • Knowledge and experience of writing technical reports, documentation, policies and standards accurately and to designated timescales.
  • Understanding of enterprise IT infrastructure and architectures.

How you will be rewarded:

We offer a competitive compensation and benefits package including bonus, excellent pension contributions and 25 days annual leave (varies for shift-based roles). At JM, an inclusive culture is integral to our values and ambitions for the future. We are committed to ensuring that everyone can bring their full self to work and thrive in their career.

Johnson Matthey is open for discussion on part time, job share and flexible working patterns.

Closing date for applications: This job advertisement will be posted for a minimum of 2 weeks; early application is advised.

Cyber and IT Risk Manager employer: Johnson Matthey

Johnson Matthey is an exceptional employer, offering a dynamic work environment that champions inclusivity and diversity, making it a great place for individuals to thrive in their careers. With a strong commitment to employee growth, the company provides comprehensive benefits, including competitive compensation, excellent pension contributions, and flexible working options, all while fostering a culture that values unique perspectives and encourages collaboration to tackle global challenges. Located in a forward-thinking industry, employees have the opportunity to contribute to meaningful projects that promote sustainability and innovation, ensuring a rewarding and impactful career.

Contact Detail:

Johnson Matthey Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land the Cyber and IT Risk Manager role

✨Tip Number 1

Familiarise yourself with the latest cyber security frameworks and standards, such as ISO27001 and NIST. Being able to discuss these in detail during your interview will demonstrate your expertise and commitment to the field.

✨Tip Number 2

Network with professionals in the cyber security industry, especially those who have experience in risk management. Attend relevant conferences or webinars to gain insights and make connections that could help you stand out.

✨Tip Number 3

Prepare to discuss real-world scenarios where you've identified and managed IT risks. Use specific examples to illustrate your problem-solving skills and how you can apply them to Johnson Matthey's needs.

✨Tip Number 4

Stay updated on current regulations and legislation affecting cyber security, such as GDPR and the Computer Misuse Act. Showing your awareness of these changes will highlight your proactive approach to risk management.

We think you need these skills to ace the Cyber and IT Risk Manager role

Cyber Security Knowledge
IT Risk Management
Risk Assessment and Analysis
Technical Report Writing
ISO 27001 Standards
GDPR Compliance
NIS2 Legislation
Control Environment Assessment
Stakeholder Communication
Third-Party Risk Management
Audit Coordination
Enterprise IT Infrastructure Understanding
Problem-Solving Skills
Project Management
Attention to Detail
Adaptability

Some tips for your application 🫡

Understand the Role: Before applying, make sure you fully understand the responsibilities of a Cyber and IT Risk Manager. Familiarise yourself with key terms and concepts related to cyber security and risk management, as this will help you tailor your application.

Tailor Your CV: Customise your CV to highlight relevant experience in cyber security controls, risk management, and technical documentation. Use specific examples that demonstrate your ability to identify and manage IT risks effectively.

Craft a Strong Cover Letter: Write a compelling cover letter that outlines your passion for cyber security and your understanding of Johnson Matthey's mission. Mention how your skills align with their needs and how you can contribute to their goals.

Highlight Relevant Experience: In your application, emphasise any previous roles or projects where you successfully managed cyber security risks or implemented IT controls. Be specific about your achievements and the impact they had on the organisation.

How to prepare for a job interview at Johnson Matthey

✨Understand the Cyber and IT Risk Landscape

Before your interview, make sure you have a solid grasp of current cyber security threats and IT risk management practices. Familiarise yourself with relevant standards like ISO27001 and legislation such as GDPR. This knowledge will help you demonstrate your expertise and show that you're proactive about staying informed.

✨Communicate Clearly and Effectively

Since the role involves communicating complex risks to non-technical stakeholders, practice explaining technical concepts in simple terms. Use examples from your past experience to illustrate how you've successfully communicated risks and solutions in previous roles.

✨Prepare for Scenario-Based Questions

Expect to be asked about specific scenarios related to cyber security incidents or risk assessments. Prepare by thinking through past experiences where you identified risks, implemented controls, or managed audits. Be ready to discuss the outcomes and what you learned from those situations.

✨Showcase Your Collaborative Skills

The role requires engaging with senior leaders and various teams. Highlight your experience working cross-functionally and how you've driven action plans in collaboration with others. Be prepared to discuss how you build relationships and influence decision-making in a team environment.

Application deadline: 2027-04-22