Summary
- Salary: Competitive
- Job Family: Information Security
- Location: Singapore - Technology Centre
Role Overview
The Senior Manager, IT Security, Risk & Compliance is responsible for developing, implementing, and maintaining an effective information security, risk management, and compliance program. This role ensures that the organization's information assets are adequately protected and compliant with regulatory requirements and industry standards. The Senior Manager leads a team of professionals and acts as a subject matter expert to advise on best practices and risk mitigation strategies.
Key Responsibilities
• Provide people and operational management and be accountable for the development, implementation, communication, maintenance and governance in line with the IT security, risk and compliance strategy and roadmaps.
• Working as part of the IT Security Risk and Compliance team, you will become the trusted adviser of IT security expertise in your areas, proactively providing security leadership and guidance to business divisions, projects and 3rd parties.
• Work alongside our Global Head of IT Security Risk & Compliance to contribute effectively to our IT Security Strategy, Governance Framework, and Roadmap.
• Support and implement Information Security Management Systems (ISMS) and ensure the development and management of IT security policies, standards, best practice guidelines, and support tools in line with Dyson’s security strategy.
• Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Dyson’s security requirements for handling sensitive data.
• Develop best practices to drive IT security risk and compliance assessment (ISMS/PCI/SWIFT/ITGC) across Dyson’s infrastructure, systems and applications operated by Global IT, business divisions and operating entities in markets.
• Act as a single point of contact (business partner management) for all security engagement in projects to support key initiatives from IT, business divisions and markets.
• Coordinate audit findings across Global IT & Cyber Security pillars to proactively drive risk remediation.
• Drive security campaigns globally to effectively enhance security awareness across Dyson’s global network.
• Provide necessary consultancy and steer to Dyson IT, in close collaboration with the other Cyber Security and Business functions to ensure framework and controls are applied consistently across.
• Responsible for reporting and communication to relevant IT stakeholders about the level of compliance to the policy framework. Drive Dyson’s key IT stakeholders for remediation of repeated non-compliance to the policy frameworks by working with IT and the Group senior management, and ensure there is enough support for actions that might need to be taken to enforce compliance.
• Drive and co-ordinate all IT security compliance assessments (ISMS/PCI/SWIFT/ITGC) on behalf of IT with respect to the Dyson Cyber Security Framework. The responsibility includes ongoing management of IT security standards in close collaboration with Group Security, Information Risk Management, Data Governance, Privacy, Legal & Compliance, and Internal Audit.
• Plan and collate measurement metrics that will provide a realistic view of the compliance state of the IT environment of Dyson to all stakeholders. Manage an internal security risk & compliance team to drive and implement the controls effectively.
• Engage in discussions concerning the control framework with Internal / External Auditors (audit related); cooperate in completion of such audits.
• Oversee the closure of audit action points and issues; work with the IT department heads to ensure accuracy and completeness of responses.
• Conduct training, awareness, case study sessions on themes relevant to the current control environment to ensure uniform appreciation of existing risks and controls among the Operations teams.
• Initiate programmes/projects/analysis (as necessary) to pave the way for a better control framework and continuous improvements across Dyson.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred)
- 10+ years of relevant IT security experience, with at least 3 years in a management or senior leadership role
- Professional certifications or equivalent preferred
- In-depth experience with regulatory frameworks and standards
- Strong knowledge of risk management, security operations, incident response, and business continuity
- Proven ability to develop and implement effective security strategies and programs
- Excellent communication, leadership, and influencing skills
- Experience working with legal, audit and compliance stakeholders
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or any other dimension of diversity.