Job Description
Our client is currently recruiting for a Global IS Governance Lead. The role is on a permanent basis, offers hybrid working and gives the opportunity to be based in either the Aberdeen or London office.
ROLE
The Global Information Systems (IS) and Operational Technology (OT) Governance Lead shall manage and drive Governance to improve IS and OT processes and operations by supporting a programme of internal audits and external maturity assessments against adopted standards.
- Governance Framework Development: Lead the development, implementation, and maintenance of an effective Global IT and OT governance framework aligned with organisational goals and objectives.
- Policy and Procedure Development: Maintain IT and OT governance policies, procedures, and guidelines to govern IT and OT decision-making.
- Strategic Alignment: Collaborate with senior management and business leaders to ensure that IT and OT strategies, initiatives, and investments are aligned with business objectives and priorities.
- Performance Monitoring: Establish key performance indicators (KPIs) and metrics to monitor and track the effectiveness of IT and OT governance processes.
- Reporting: Prepare regular reports on IT and OT governance performance and outcomes for management and stakeholders.
- Stakeholder Engagement: Establish and maintain effective communication and collaboration with stakeholders, including IT and OT teams, business units, senior management, and external partners, to promote understanding and support for IT and OT governance initiatives and objectives.
RESPONSIBILITIES
- Works with the VP of Global IS Security and the Senior Manager of Risk & Compliance to support IS in delivering IT/OT governance activities.
- Provide direction and leadership for the Governance IT/OT function.
- Develop and execute the governance strategies in alignment with the overall long-term corporate strategy to improve efficiency and effectiveness.
- Partner with the Risk & Compliance Lead to identify, assess, and prioritise IT risks and ensure that governance practices effectively address these risks.
- Operates as the Subject Matter Expert/Primary Point of Contact for governance-related activities, providing guidance and education as required.
- Collaborate with the Cyber Manager to develop governance frameworks for incident response, ensuring IT policies support quick recovery and mitigation strategies.
- Leads pre-emptive activities to support Governance improvements while providing continuous input for process improvements.
- Ensures timely and accurate reporting for senior management and key stakeholders to support decision-making.
- Ensure that governance documentation is maintained and readily available for audits, working closely with the Risk & Compliance team to facilitate thorough reviews.
- Ensures that the audit tests, maturity assessments, self-certifications, and reviews are relevant, consistent, and conducted following professionally accepted auditing standards.
- Manages the development of policies and processes which align with core business functions.
- Uses professional knowledge and experience to set departmental goals which align with the overall function strategy.
- Monitors the progress of critical in-house programs and ensures regulatory compliance.
- Works with colleagues in International Business Units (IBUs) to ensure governance, standards and compliance are aligned and support international IS functions where required.
- May be required to provide out-of-hours support via an on-call rota.
REQUIREMENTS
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk-related concepts to technical and non-technical audiences at various hierarchical levels.
- Experience in managing a team.
- Operational Technology expert level
- Significant experience in implementing, managing, reviewing, and improving internal controls for governance, compliance, IT and OT audits, or assurance and risk management programmes.
- Proven track record of performing internal or external audits (financial/operational/IT and OT) by relevant professional standards.
- Expert level understanding of designing, implementing and operating IT and OT Control Frameworks
- Leads on complex assignments that require expertise and develops innovative GRC technical solutions.
- Provide expert-level technical support and monitor and improve processes and interventions for the GRC assurance programme.
- Validates operational GRC plans and oversees regulatory compliance and assurance.
- Proven track record and experience in developing policies and procedures and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Demonstrated ability to work with and report to a governance board (i.e., Risk, audit committee or similar)
- IT and OTIL, CISA, CISM or equivalent preferred
- Highly proficient in audit methodologies, mainly but not limited to those applicable in IT and OT environments.
- BSc or equivalent experience or qualification in Computer Science or equivalent IT and OT work experience
- Understanding of regulatory requirements, including cross-industry regulations (e.g., NIST2, OG86M, GDPR, Data Protection Act) and industry-specific regulations.
- Highly skilled in designing and implementing compliance and control frameworks.
- Proficient in IT and OT governance and quality standards
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, IT and OTIL, COBIT and OT, as well as those from NIST(2), including 800-53 and Cybersecurity Framework
- Excellent stakeholder management skills
- High level of personal integrity and the ability to professionally handle confidential matters and show appropriate judgment and maturity.
- Ability to work cross-functionally with relevant functions – e.g., group risk and group audit – to ensure standards are appropriately reflected in IS and OT-specific domains.