Security Business Partner Greater Manchester

Key Responsibilities

• Apply effective risk management and decision-making to anticipate and assess information and cyber security risks across relevant business areas.
• Evaluate, manage, and mitigate the impacts of strategic information and cyber security initiatives on operational risk and control profiles.
• Enjoy a varied role with exposure to senior stakeholders and gain a breadth of knowledge across relevant business areas.
• Support and engage with Security stakeholders (second and third lines of defence) and other relevant stakeholders.
• Provide support on framework execution, including risk and controls assessments, control design, articulation, testing, and policy compliance, related to information and cyber security risks.
• Lead informed discussions of information and cyber security risk for relevant business areas and products.
• Create a culture of continuous improvement, increasing efficiency and productivity through people leadership, coaching, and skill development.
• Manage stakeholder relationships with Security, supporting them in managing their risk and control profile.
• Provide an aggregated view of the control environment for relevant information and cyber security business areas.
• Support relevant technology and digital business area interactions with second and third lines of defence on risk and audit engagements.
• Manage the completion of risk and control assessments in line with the Security risk framework.
• Produce and review risk committee packs relating to information and cyber security, including relevant MI and assessing the aggregated risk profile.
• Support Security in interactions with second and third lines of defence on risk and audit engagements.

Skills and Expertise

• Extensive understanding of relevant businesses, key products, and information and cyber security risks to enable informed risk discussions.
• Knowledge of risks and controls associated with information and cyber security, including industry frameworks (NIST, ISF SOGP, MITRE, COBIT, CRISC, etc.), and technology outsourcing risks.
• Demonstrable knowledge across cyber and information security domains (privileged access management, security operations, vulnerability management, governance).
• Proven ability to deliver high-quality outcomes and experience in applying information and cyber security risk and control assessments in operational and strategic contexts.
• Comprehensive experience in information and cyber security risk management and audit or control frameworks.
• Experience in a fast-paced information and cyber security risk or audit environment with shifting priorities.
• Strong senior stakeholder management skills.