Senior Specialist, Information Security, Risk and Compliance in London

Save the Children International has an exciting opportunity for a Senior Specialist, Information Security Risk and Compliance to join our global team.

Team and Job Purpose

The Cybersecurity and Information Assurance team is responsible for safeguarding the confidentiality, integrity, availability of all SCI's information assets (data and systems). The team is responsible for identifying, assessing and managing cybersecurity and information risk and investigating and managing cybersecurity incidents and data breaches.

The Senior Specialist, Information Security Risk and Compliance Officer will play a key role in ensuring SCI addresses information and cybersecurity risks in a timely and effective manner. Reporting to the Director of Information Security and Data Protection, the role will work closely with colleagues in the cybersecurity operations and information assurance teams as well as teams across IT and the wider organisation to support risk and compliance activities.

The role will be responsible for keeping the IT Risk Register up to date and coordinating risk mitigation actions across the organisation. The role is also responsible for the coordination of all information security compliance activities including Cyber Essentials, ISO27000 and NIST CSF.

Principal Accountabilities

• Support the Director of Information Security with the effective and timely management of all information security risk and compliance activities.
• Maintain the IT Risk Register, ensuring that newly identified risks are recorded and assigned to the appropriate risk register.
• Schedule and administer risk register review meetings; track open risks and liaise with risk owners to ensure they are addressed.
• Coordinate with the IT/TD Project Management Office (PMO) to ensure new projects and initiatives follow prescribed governance processes.
• Conduct information security risk assessments and reviews in association with the Cybersecurity Operations Manager and Information Security Architect and communicate risk assessment outcomes to technical and non-technical stakeholders across SCI.
• Coordinate all information security compliance activities including internal audits, Cyber Essentials, ISO27000 and NIST CSF.
• Work closely with colleagues in the Global IT Operations team to facilitate the annual Global IT Controls Assessment of all Country and Regional Offices.
• Coordinate responses to all internal and external audit and assurance activities.
• Support and contribute to the development of information security risk and compliance policies, procedures and standards.
• Identify opportunities to continually improve SCI's information security risk and compliance capabilities.

Experience and Skills

• Demonstrable experience working in an information security function or related GRC role.
• Strong knowledge of information security / cybersecurity management principles.
• Working knowledge of at least one globally recognized information security framework such as ISO27000, NIST CSF or Cyber Essentials.
• Experience of conducting information security risk assessments or reviews.
• Demonstrable experience of advising stakeholders in relation to risk remediation.
• Good knowledge of commonly applied technical and organizational information security controls.
• Ability to work with a range of business stakeholders to understand and articulate their activities in line with defined standards.
• Good verbal and written communication skills.
• Self-motivated, with a proactive and collaborative approach, and a strong results orientation.
• A commitment to the mission, vision and values of Save the Children.
• Knowledge of different information risk assessment methodologies (both qualitative and quantitative).
• Good understanding of Enterprise IT including cloud computing technologies (SaaS/PaaS/IaaS).
• Experience of working with Business Analysts, Project Managers, Change Managers and Project Management Offices.

Education and Qualifications

• Undergraduate degree or diploma in a relevant discipline or equivalent work experience.
• Post-graduate qualification in information security or relevant industry certification, e.g. CRSIC, CISM, CGEIT, CISA, etc.

Working at Save the Children International

Save the Children is the world's leading organisation for children, employing ~25,000 staff. We save children's lives. We fight for their rights. We help them fulfil their potential. Through our work in 116 countries, we put the most deprived and marginalised children first.

We know that great people make a great organisation, and that our employees play a crucial role in helping us achieve our ambitions for children. We value our people and offer a meaningful and rewarding career, along with a collaborative and inclusive environment where ambition, creativity, and integrity are highly valued.

The work here is challenging but is also immensely rewarding. At Save the Children, you will be in good company, working with talented, like-minded individuals who are determined to ensure that all children survive, learn, and are protected. Your contribution will help ensure children's voices are heard at the highest levels, and that we achieve our global strategy, Ambition for Children 2030, and reach every last child.

Diversity, Equity and Inclusion and Equal Opportunities

DEI is core to our vision, values and global strategy. Save the Children is committed to creating a truly diverse, equitable and inclusive organisation, and one which will support us in our vision to ensure every child attains the right to survival, protection, development, and participation.

We are committed to equal employment opportunities, regardless of gender, sexual orientation, race, colour, ethnic origin, nationality, disability, marital or civil partnership status, gender reassignment, pregnancy and maternity, caring or parental responsibilities, age, or beliefs and religion. We are committed to diversifying our staff to better represent the communities we serve and actively welcome underrepresented groups to apply.

Reasonable adjustments will be made should any candidate invited to interview require this.

Application Information

Please attach a copy of your CV and cover letter with your application. A full copy of the role profile can be found here via the job listing. It is recommended that you save a copy of the role profile as it will no longer be available after the advert closes.

Applications will be reviewed on a rolling basis and the job advert may be closed earlier than advertised subject to the volume of suitable applicants. Please submit your application at your earliest convenience to avoid disappointment.

Due to the high volume of applications we receive, only shortlisted candidates will be contacted. Candidates who are successfully shortlisted should expect to hear from us within 2 weeks of the advert deadline.

Our recruitment process:

• Application review by our recruiting team based on your CV and cover letter.
• Two-stage competency-based interviews with the hiring team.
• Some recruitment may include an additional assessment or case study stage, or a third stage interview.
• If successful, you will receive a conditional offer of employment, followed by your contract subject to passing background checks.

We need to keep children and adults safe so our selection process includes rigorous background checks and reflects our commitment to the protection of children and adults from abuse. All employees are expected to carry out their duties in accordance with our Code of Conduct and all policies and procedures relating to Anti-harassment, Health and Safety, Safeguarding, and DEI and Equal Opportunities.

Save the Children does not charge a fee at any stage of the recruitment process.