Governance Risk And Compliance Lead Grc It Exeter Hybrid Remote Job In Exeter

Governance, Risk and Compliance Lead (GRC) IT · Exeter · Hybrid Remote - Cuckoo
  • Exeter, England, United Kingdom
  • via J-Vers.com
Job Description

About Us:

At Cuckoo, we put our customers at the heart of everything we do, as we try to make their lives easier and their broadband faster. Because the truth is, we want them to actually feel good about their broadband. That’s why we call it feel-good broadband.

We’ve already topped MoneySavingExpert’s poll for the best customer service (twice) and are well on the way to achieving our overall aim: to become the UK’s most recommended way to connect.

So if you’re as customer obsessed as we are, and want to help change the face of the UK’s broadband industry, we’d love to hear from you.

About the role:

We’re looking for a skilled and motivated Governance, Risk and Compliance Lead to join our Cyber Security Team. This role will drive our Security Governance initiatives and align with Cuckoo Fibre's vision of shaping the future of fibre telecommunications. This role will support Cuckoo’s colleagues whilst responding to the changing needs as we develop new business services. You’ll work with all parts of the business to ensure we operate a secure and supportable environment.

What you'll do:

Governance:

  • Develop and implement a robust security governance framework to ensure we're adhering to industry standards and best practices - specifically the Telecoms Security Act, ISO27001 and NIST CSF.
  • Establish and embed an effective governance forum, to enable collaboration and communications with IT, Security and business stakeholders.
  • Conduct regular assessments to evaluate the effectiveness of governance frameworks and policy mechanisms, and make suggestions for improvement.

Risk Management

  • Establish a security risk management framework, define risk appetite and tolerance levels and conduct regular risk assessments and vulnerability scans.
  • Collaborate with business stakeholders to gain an understanding of our business assets and critical processes.
  • Assess and manage cybersecurity risks associated with third-party vendors and service providers. Implement the vendor risk assessment processes and ensure cybersecurity contractual requirements are considered.
  • Design and implement risk mitigation strategies to safeguard the organization's assets and interests.
  • Monitor and report on key risk indicators and keep stakeholders informed about potential threats and opportunities.
  • Contribute to the development of organisational strategies that address the evolving business risks and information control requirements.

Compliance

  • Stay up to date with relevant laws, regulations, and industry standards, ensuring the organisation's compliance.
  • Develop and manage compliance programs, policies, and procedures.
  • Conduct regular logical and physical compliance audits and assessments, addressing any identified gaps or issues promptly.

Policy Development and Documentation

  • Draft, review, and update company policies to ensure they align with regulatory requirements and business objectives.
  • Maintain a comprehensive catalogue of policies, standards and procedures, ensuring accessibility and understanding among employees.

Training And Communication

  • Develop and deliver training programs to educate employees on governance, risk, compliance, and cyber security awareness matters.
  • Facilitate communication channels to promote a culture of compliance and risk awareness across the organization.

Other Responsibilities

  • Support during cybersecurity incidents and attend the cybersecurity operation meetings.
  • Advise on the deployment of appropriate tools and technologies and ensure that they align with the organisation's security standards.
  • Conduct regular reviews and assessments of cybersecurity controls and processes, and implement lessons learned to ensure continued improvement.
  • Remain aware of emerging threats, vulnerabilities, and best practices in cybersecurity.

You should apply if you have:

  • Experience of working in a highly regulated environment with a strong knowledge of security frameworks such as ISO27001, NIST CSF, PCI-DSS and Telecoms Security Act.
  • A passion for working with a team implementing and driving best practice.
  • Previous experience of working in a fast-paced and dynamic business.
  • A good understanding of cybersecurity principles, frameworks (such as ISO27001, NIST, etc.) and best practices; including knowledge of various security technologies, threat landscape, vulnerabilities and mitigation strategies.
  • Familiarity with regulatory and compliance requirements (such as Telecoms Security Act, PCI DSS, etc.).
  • Proficiency in risk management and assessment methodologies.
  • Proven policy, procedure and standard development in all areas of cybersecurity.
  • Exceptional skills in conducting cybersecurity assessments and audits, with the ability to interpret results and present to leadership.
  • One or more of the following certifications: CISSP, CISM, CRISC, CISA, ISO27001 Lead.

Life inside the nest:

  • Annual Salary of up to £65,000
  • 4x Life Assurance
  • Income Protection
  • Salary Sacrifice Pension
  • 30 days holiday plus statutory bank holidays
  • Enhanced Sick Leave
  • Enhanced Family Leave
  • Private Healthcare
  • Private Dental Care
  • Cycle 2 Work Scheme
  • Health Cash Plan
  • Shopping Discounts
  • Discounted Breakdown Cover