Thomson Reuter’s Information Security & Risk Management (ISRM) team is seeking a Manager of Information Security Risk to provide technical leadership for a number of areas within their corporate technology function (Enterprise Technology & Operations), namely Platform Group, Data Centre Infrastructure Services (DCIS) and Managed Services. The Manager will report to the Business Information Security Officer (BISO) for these areas and is responsible for partnering with the business to define and implement an information security strategy that supports the businesses goals and objectives.
This individual will have a strong information security background and have a good understanding of customer, regulatory and business requirements. The candidate must be able to demonstrate relevant experience in a complex global organisation coupled with strong coordination skills which are essential due to the multiple stakeholders that this role partners with. The candidate must also have experience and effectiveness communicating across all tiers of the organization from technologists to the ‘C’ suite.
- ISRM relationship management with ET&O functions as highlighted above
- To build effective relationships and communications with cross functional teams including key stakeholder groups
- Manage issues, track remediation and register risks in partnership with the business units and ISRM
- Support the development of business unit scorecards to report compliance and risk metrics to drive change
- Tracking and reporting on key information security priorities such as compliance of applications to the information security policy, patching of applications and critical supporting infrastructure, and vulnerability management.
- Governance of penetration testing, application assurance, application certification and awareness programs with the business to address security vulnerabilities identified in applications and infrastructure
- Collaborate with the security architects to discuss potential solutions supporting the business strategy
- Facilitate engagements to identify projects that enable business development while ensuring the necessary security controls are in place
- Drives service level agreements as needed with stakeholder groups
- Act as an escalation point for vendor risk assessment results on vendors
- Proactively work with other BISO teams to share knowledge of initiatives that have a security impact on the CTO BU teams.
Essential Skills/Experience Required:
- Extensive demonstrable information security experience
- Must possess strong verbal & written communication skills
- Experience of technology leadership with breadth across information security
- Be a team player able to work effectively at all levels of an organization with the ability to communicate design rationale and influence others to move toward consensus
- Experience with developing security standards and educational cross-functional training
- Knowledge of industry wide information security frameworks including ISO 27001/2 and NIST
- Strong critical thinking and group facilitation skills
- Must be a strong cross-functional team player with ability to influence others in a matrix structure, across time zone and national boundaries
- Familiarity with a variety of application security architectures and supporting infrastructure such as networking, identity and access management, and cloud security.
- Must have unrestricted authorisation to work in the in the United Kingdom
- Must submit to a background investigation, including verification of past employment, criminal history and educational background
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
Desired Skills/Experience Required:
- Service Management experience
- Incident Management experience
- Bachelor's degree in Information Technology related area
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
Intrigued by a challenge as large and fascinating as the world itself? Come join us.
To learn more about what we offer, please visit thomsonreuters.com/careers.
More information about Thomson Reuters can be found on thomsonreuters.com.