Job description: Supply Systems IT Risk and Controls Manager
Length: 12 Months
Rate: £230.00 - £270.00 per day
Hours: 9am – 6pm
Our client’s Digital & Technology (D&T) is a multi-functional, digital delivery function established to liberate and equip markets to deliver the company’s strategic priorities. This is achieved through:
- Putting customers at the heart of delivery
- World class end to end process execution
- Generating performance enhancing insights from data
- Providing CPG leading digital capabilities and solutions
- Responding to and embracing change
D&T plays a critical role in enabling the company’s digital agenda through delivering the strategic priorities in many areas, including E-Commerce, Digital Marketing, Demand Sensing and Manufacturing Optimisation.
The Supply product line support team sits within the Run team and the aim is to enable greater stability and security through a structured and consistent approach to delivering IT operations.
The Supply Systems IT Risk and Controls Manager is responsible for providing assurance that the systems used are protected and safeguarded using a risk-based approach.
Information will be protected using organisational and technical controls that comply with IM&S security policies, standards and guidelines (PSGs). The role will have a good understanding of how IM&S PSGs can effectively be embedded across the market.
The team needs to be able to translate the cyber and compliance agenda into practical application across Supply – turning the discussion into action, proactively planning and responding to the emerging threat.
- Work with Supply to evaluate the financial impact of loss of the company’s critical information assets as part of Risk Analysis.
- D&T is a global organisation delivering services to our client’s markets across all technology solutions. This role leads the defined product line in the RUN organisation.
- There are over 180 IT applications in use across Supply at present.
- Supply Business is a global organisation including factories/offices in Global Brands Supply (GBS) – Europe, NAM, LAC, Africa and Asia.
- This role will work closely with the Supply Function to report on risk factors and required actions.
- Business savvy: A
- Functional Knowledge (Supply): A
- Prepared for Disruptors: M
- Risk Management Knowledge: A
- Infrastructure, Application Knowledge: M
- Contractual Knowledge (IT Vendors): L
- ITGC and Controls Awareness: A
- Soft Skills and Communications: M
This role will have overall accountability for control execution and risk management of the Supply applications, while ensuring that we continually work to improve, enhance, and simplify support alongside risk management and any associated costs.
The goal is to ensure Supply applications and services are run securely and in a stable fashion. Core responsibilities include:
- Optimal level of controls tracked
- Provide Risk view of applications and servers.
- Feed risk priorities into Plan Team for timely remediation
- Identify and analyse cyber security risks. Classify them based on impact and likelihood.
- Propose mitigation plans for those detected risks.
- Manage and follow up the entire risk life cycle until full mitigation or acceptance.
- Maintain a cyber security risk register.
- Keep up to date with the latest security and technology developments.
- Produce reports for both technical and non-technical staff and stakeholders.
- Regular communication with Plan team as part of a multi-team effort to manage risk
- Accountable for the execution of all the required controls
- Provide LT with the information needed to assess the health of the services and continued optimisation
- Interface with LT and stakeholders to keep them up to date with risks and opportunities
- Drive down controls and compliance gaps
- Drive down systems running at risk (measured by number of vulnerabilities, systems running on EOL infrastructure)
- Provide risk management view across Supply Product Line
- To support the annual CARM activities
- Line Management: set annual performance targets for individuals and the team. Provide coaching, training, and support to enhance the team’s capability
- Strong analytical skills to measure risk and the effectiveness of IT controls to mitigate risks
- Experience of performing a similar role in the company or at other similar organisations.
- ITIL v3 foundation qualified.
- ISACA CISM/CISSP qualified
- Excellent analytical and technical skills.
- Ability to understand and determine when issues should be escalated to a higher level.
- Excellent communication and interpersonal skills, with an ability to handle difficult situations.
- Degree level qualification
- Ability to produce clear written material with a keen attention to detail.
- Ability to communicate technical information in a clear and understandable manner to non-technical stakeholders.
- Strong analysis and decision-making skills.
- Commercially and contractually aware.
- Ability to build highly efficient and excellent relationships with our client’s suppliers and internal senior stakeholders.
- Experienced in leading teams that operate in a tiered and remote working structure