hackajob is partnering with Kingfisher to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
IT & Security Risk Manager
Key Accountabilities / Responsibilities:
This role is pivotal to supporting the Senior IT & Security Risk Manager to introduce and operate a new risk management framework for technology and security. The role holder will help design, implement and maintain the risk management lifecycle to ensure that IT and Security risks are identified, assessed, mitigated and managed within Risk Appetite:
Support the Senior IT & Security Risk Manager to introduce a new risk management framework across Group Technology:
Design and implement risk management procedures to create a lifecycle of continuous risk assessment and monitoring.
Promote risk awareness and provide guidance to technology colleagues.
Liaise with the Group Enterprise Risk team to ensure Technology and Security risks are aligned to Group risks and remain within appetite.
Work with Technology and Security teams to capture, assess and record risks, design mitigating controls and track actions to completion.
Run risk workshops with IT and security teams to identify risks, develop team risk registers and provide ongoing support.
Analyse issues, incidents, threats and vulnerabilities to determine where risks may be present.
Work with stakeholders to plan risk mitigation and reduce residual risk.
Maintain the Group Technology and Information Security risk registers.
Ensure all risk acceptance follows the Group Technology risk acceptance process, and that accepted risks are reviewed regularly.
Collate risk information from across Group Technology to produce risk reports and dashboards for Senior Management.
Participate in and contribute to relevant Kingfisher forums and communities.
Required Skills & Experience:
Proven experience identifying, assessing and managing IT and Security operational risks, ideally in a large organisation.
Good working knowledge of security standards (ISO27001 or NIST CSF) and IT operations best practice is essential.
Must be able to articulate risks clearly, concisely and accurately both verbally and in writing; English proficiency is therefore essential.
Proven experience building stakeholder relationships and influencing change.
Able to articulate IT and Security risks to technical and non-technical audiences.
A recognised Risk Management qualification is desirable but not required.
Knowledge of European languages is an advantage but not required.
Proficiency in Microsoft Office tools is preferable.