IT Quality, Risk & Security Manager
Reporting directly to the CEO, the Quality, Risk and Security Manager is responsible for the implementation, review and continual improvement of the company's management systems and standards.
These include: quality assurance, enterprise risk, business continuity planning and information security.
In this role, with a team of 2 specialists, you work cross-functionally with all departments to ensure that all company operational activities are continually assessed and challenged.
Your aim is to achieve the highest practical level of security and efficiency throughout the business and to ensure all activities remain compliant with company policy and all relevant legislation. The role is strongly operational in orientation.
The Quality and Risk Manager is also responsible for regular reporting to, and meetings with, senior stakeholders on all activities within the role's remit.
Quality Assurance (QA) Management Systems
- To maintain certification to the ISO 9001 quality management and ISO 14001 environmental management standards
- To promote a quality assurance and continual improvement culture in all areas of the business
- To review process documentation to ensure adequacy and consistency are maintained
- To report to senior management and clients on the performance of the quality management system
- To perform internal audits, third-party audits and audits upon client request
- To represent the Company during external compliance audits.
- To oversee internal quality audits on all key processes within the business
- To perform risk assessments of business unit practices against selected information security control standards and previous audit results in order to identify gaps
- To ensure action plans are established to address the risks identified, and to follow up as necessary to confirm that appropriate mitigation has been put in place
Enterprise Risk (ERM) Management
- To provide formal updates on risk through an annual risk review and through monthly Governance, Risk and Compliance (GRC) meetings
- To ensure an effective risk register is in place that proactively covers all key areas of the business, with action plans for risk mitigation and the closing-off of risks
- To promote an enterprise risk culture across all areas of the business
- To be responsible for risk management and sign-off on all changes to core services and on all phases of new project implementations
Information Security (IS) Management Systems
- Strategic planning, identification and implementation of information security initiatives across all areas of the business
- To maintain certification to, and drive continual improvement against, the ISO 27001 Information Security Management System standard, as well as ISO 9001 and ISO 14001
- To maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) throughout the business
- To manage external vendors in their performance of controlled vulnerability scanning and penetration testing of applications, networks and databases
- To implement, document and ensure adherence to company information security policies, and to promote the application of best practice throughout the business
- To coordinate and perform technical security audits of the company IT infrastructure to ensure sensitive data is stored and processed securely (e.g. firewall rule review, server hardening, access control, anti-virus, patch management, vulnerability assessments, incident response, etc.)
- Provide information security advice to the decision-making process for all major IT infrastructure and operational changes within the business
- Provide input on information security policies, standards, baselines, and other related documents, as requested
Data Protection (DP) Compliance
- To ensure all operational processes remain compliant with the General Data Protection Regulation (GDPR)
- To provide guidance and expertise to all levels of the business on DP issues
- To promote a culture of customer data security awareness throughout the business
- To perform data protection audits of the company's key service providers (data processors) to ensure they are complying with the GDPR
Business Continuity Plan (BCP) Management
- To document and continually maintain the Business Continuity Plan (BCP), which covers all key activities of the business
- To regularly test the BCP in line with the Disaster Recovery (DR) Plan
- Continual improvement and annual review of the BCP and DR plans
Requirements
- 5+ years' working experience in quality and risk management for an operations function
- Senior stakeholder management and communication experience
- Bachelor's or master's degree
- Knowledge of information security management systems, Payment Card Industry standards and data protection regulations is essential
- Knowledge of the ISO 9001 quality management and ISO 14001 environmental management standards is desirable
- Certification in one or more of CISA, CISSP, CISM or ISO 27001 Lead Auditor would be advantageous
- Strong project management experience with a track record of success
- Excellent presentation and communication skills are essential
- Results-oriented, proactive and responsive
- Experience of working within a changing and high-performance environment
- Ability to manage a team effectively and maintain efficient client relationships
- A motivated, talented individual with a strong willingness to think outside the box
- You can expect plenty of autonomy in this role, so you will need the motivation to take the initiative with your team to improve current performance
For more info contact Eoin on 01 474 4613 or apply for this role online
Following your application for this specific role, Sigmar may contact you regarding other positions that we feel you may be suitable for. If you do not wish to be contacted about other opportunities please let us know. For further information please refer to the Privacy Statement on our website.