
Cyber Security - Head of Governance, Risk and Compliance

St. James's Place

Cirencester

Hybrid

GBP 60,000 - 100,000

Full time

8 days ago


Job summary

An established industry player is seeking a Head of Governance, Risk and Compliance to enhance their information security framework. This pivotal role involves overseeing cyber risk management, ensuring compliance with industry best practices, and leading audits to mitigate risks. The ideal candidate will possess extensive experience in cyber risk and compliance, with a strong ability to communicate complex issues clearly. This is an exciting opportunity to contribute to a forward-thinking organization that values innovation and excellence, offering a supportive environment for professional growth.

Benefits

Discretionary annual bonus scheme
28 days annual leave plus bank holidays
Option to purchase additional leave
Competitive parental leave (28 weeks full pay)
Private medical insurance
10% non-contributory pension

Qualifications

  • Extensive experience in cyber risk or compliance roles for Information Security.
  • Ability to articulate security risk to key leaders and external bodies.

Responsibilities

  • Establish and operate the Cybersecurity Risk Framework across the SJP Group.
  • Lead audits and assessments related to cyber security and monitor regulatory changes.

Skills

Cyber risk management
Compliance reporting
Audit assurance
Technical presentation skills
Analytical skills

Education

Relevant security governance qualifications (CISSP, CISM, CRISC)

Tools

ISO27001
NIST

Job description

Are you ready to chart your own career path? At SJP, we need talented individuals like yourself to support our evolving culture. If you're seeking an employer that is passionate about excellence, innovation, and autonomy, SJP could be the place for you.

At a glance:

Location: Cirencester Office

Workplace Type: Hybrid

Employment Type: Permanent

Seniority: Mid-Senior Level

The role:

The Head of Governance, Risk and Compliance will report into the Chief Information Security Officer. They will have technical and risk specialists reporting into them who support the identification, management and prioritisation of information security risks within the first line of defence (SJP operates the three lines of defence (3LOD) model). This role does not have a matrix reporting requirement but will interface directly with Group Risk, the Technology Executive and other forums as required.

The role is responsible for overseeing and reducing the organisation's exposure to cyber risks by managing governance, risk identification, and compliance reporting. This role will ensure that information security risks are consistently quantified across first-line teams and escalated to Group Risk when necessary. Additionally, the role involves maintaining the information security control framework, assessing progress against agreed target states, and supporting the refinement and prioritisation of initiatives outlined in the Information Security Strategy.
What you'll be doing:

  • Establish and operate the first line Cybersecurity Risk Framework across the SJP Group, ensuring legal entities are aligned with the group approach and cyber risk quantification is consistent and centrally managed.
  • Ownership of the monthly and quarterly committee reporting for Information Security, ensuring relevant MI and KPIs are defined and reported by area leads within the Information Security function.
  • Develop and maintain our cyber governance framework to ensure alignment with industry best practices (CE+, ISO27001, and NIST) and regulatory expectations for the group.
  • Lead the Governance approach for Information Security, defining Terms of Reference for Information security committees, including oversight of our 3rd party risks in relation to InfoSec.
  • Be a standing member of boards and committees, specifically Data Privacy and Protection Committee (DPPC) and Information Security Steering Group (ISSG).
  • Oversight and management of Information Security Policies aligned with our control objectives and risk appetite.
  • Lead audits and assessments related to cyber security (internal and external). Monitor evolving regulatory landscapes and ensure that changes are incorporated into policies and controls. Support external regulatory engagements, such as regulatory submissions and incident reporting.
  • Support the creation, implementation, and refinement of the Information Security Strategy. Ensure strategic initiatives are prioritised based on risk and business impact.
  • Oversee the design, implementation, and effectiveness of cyber security controls. Lead control testing, reporting, and remediation efforts. Ensure the control framework is regularly updated to reflect new threats and regulatory changes.
Who we're looking for:

A leader who can foster and support collaborative teams, with excellent presentation skills and the ability to translate complex technical issues into simple terms. An independent worker who is articulate, analytical and has a solution-focused approach.
Essential Criteria
  • Extensive experience in a cyber risk or compliance focused role for Information Security
  • Liaison with key leaders and external bodies to articulate security risk
  • Cyber risk classification and control management
  • Audit assurance and regulatory engagement (internal or external audits)
Desirable Criteria
  • Holding certifications such as CISSP, CISM, CRISC, or equivalent security governance qualifications
  • Experience in Financial Services or a highly regulated industry
  • Third party risk management expertise

What's in it for you?

We reward you for the work you do, whether that's through our discretionary annual bonus scheme that reflects both personal and company performance, competitive annual leave allowance (28 days plus bank holidays, with the option to purchase an additional 5 days), or an online rewards platform with a variety of discounts.
We also have benefits to support whatever stage of life you are in, including:
  • Competitive parental leave (28 weeks full pay)
  • Private medical insurance (optional taxable benefit)
  • 10% non-contributory pension (increasing with length of service)

Reasonable Adjustments
We're an equal opportunities employer and want to ensure our recruitment process is accessible and inclusive for all. If you require reasonable adjustment(s) at any stage, please let us know by emailing us at careers@sjp.co.uk.
Research tells us that applicants (especially those from underrepresented groups) can be put off from applying for a role if they do not meet all the criteria or have been on an extended career break. If you think you would be a good match for this role and can demonstrate some transferable experience, please apply, regardless of whether you tick every box.

What's next?

If you're excited about this role and believe you have the skills and experience we're looking for, we'd love to hear from you! Please submit an application by clicking 'apply' below, and our team will be in touch.
As a business regulated by the FCA, we would advise you to familiarise yourself with the conduct regulations and in particular consumer duty obligations prior to an interview with SJP.
