Global IS Governance Lead

Our client is currently recruiting for the position of Global IS Governance Lead, based in Aberdeen.

Areas of Accountability, Responsibility and Competence:
* Works with the VP of Global IS Security and the Senior Manager of Risk & Compliance to support IS in delivering IT/OT governance activities.
* Provide direction and leadership for the Governance IT/OT function.
* Develop and execute the governance strategies in alignment with the overall long-term corporate strategy to improve efficiency and effectiveness.
* Partner with the Risk & Compliance Lead to identify, assess, and prioritise IT risks and ensure that governance practices effectively address these risks.
* Operates as the Subject Matter Expert/Primary Point of Contact for governance-related activities, providing guidance and education as required.
* Collaborate with the Cyber Manager to develop governance frameworks for incident response, ensuring IT policies support quick recovery and mitigation strategies.
* Leads pre-emptive activities to support Governance improvements while providing continuous input for process improvements.
* Ensures timely and accurate reporting for senior management and key stakeholders to support decision-making.
* Ensure that governance documentation is maintained and readily available for audits, working closely with the Risk & Compliance team to facilitate thorough reviews.
* Ensures that the audit tests, maturity assessments, self-certifications, and reviews are relevant, consistent, and conducted following professionally accepted auditing standards.
* Manages the development of policies and processes which align with core business functions.
* Uses professional knowledge and experience to set departmental goals which align with the overall function strategy.
* Monitors the progress of critical in-house programs and ensures regulatory compliance.
* Works with colleagues in International Business Units (IBUs) to ensure governance, standards and compliance are aligned and support international IS functions where required.
* May be required to provide out-of-hours support via an on-call rota.

Critical Skills:
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk-related concepts to technical and non-technical audiences at various hierarchical levels.
* Experience in managing a team.
* Operational Technology expert level
* Significant experience in implementing, managing, reviewing, and improving internal controls for governance, compliance, IT and OT audits, or assurance and risk management programmes.
* Proven track record of performing internal or external audits (financial/operational/IT and OT) by relevant professional standards.
* Expert level understanding of designing, implementing and operating IT and OT Control Frameworks
* Leads on complex assignments that require expertise and develops innovative GRC technical solutions.
* Provide expert-level technical support and monitor and improve processes and interventions for the GRC assurance programme.
* Validates operational GRC plans and oversees regulatory compliance and assurance.
* Proven track record and experience in developing policies and procedures and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
* Demonstrated ability to work with and report to a governance board (i.e., Risk, audit committee or similar)
* IT and OTIL, CISA, CISM or equivalent preferred
* Highly proficient in audit methodologies, mainly but not limited to those applicable in IT and OT environments.
* BSc or equivalent experience or qualification in Computer Science or equivalent IT and OT work experience
* Understanding of regulatory requirements, including cross-industry regulations (e.g., NIST2, OG86M, GDPR, Data Protection Act) and industry-specific regulations.
* Highly skilled in designing and implementing compliance and control frameworks.
* Proficient in IT and OT governance and quality standards
* Knowledge of common information security management frameworks, such as ISO/IEC 27001, IT and OTIL, COBIT and OT, as well as those from NIST(2), including 800-53 and Cybersecurity Framework
* Excellent stakeholder management skills
* High level of personal integrity and the ability to professionally handle confidential matters and show appropriate judgment and maturity.
* Ability to work cross-functionally with relevant functions - e.g., group risk and group audit - to ensure standards are appropriately reflected in IS and OT-specific domains.

Permanent Position

If you feel that you are well suited to the above opportunity and would like to find out more then please contact Orion Group for more information or apply by forwarding your current CV quoting reference: PR/075243 .

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.