
Reporting to the Deputy CISO, the Manager of UK IT Governance and Risk Management is responsible for the design and execution of the IT Governance, IT Risk Management, Security Awareness, and Business Continuity/Disaster Recovery Programs in the United Kingdom. This Manager will maintain required certifications for UK operations and provide a direct interface with representatives of the business at fuel and other operational locations.


Your day to day:

  • Establish and maintain the management framework for all IT Governance activities in the United Kingdom
  • Maintain certifications as required by governmental and regulatory authorities to operate in the UK
  • Establish and maintain the process for capturing, assessing, decisioning, and reporting risks across the areas of UK operations, both internally as well as coordinating into the enterprise risk management program through the Chief Information Security Officer’s organization
  • Support a framework for performing and overseeing the performance of IT risk assessments in accordance with established company risk management policies for projects and of suppliers/vendors where integration with IT systems is being proposed
  • Ensure alignment with Legal, Compliance, contractual, regulatory, and additional organizational stakeholder requirements
  • Create and maintain the Business Continuity Plan for IT services in the UK
  • Create and maintain the Disaster Recovery Plan for IT services in the UK
  • Identify, recruit, train, mentor, and develop direct report staff as required
  • Establish appropriate risk decisioning matrices and ensure alignment to business objectives and values in coordination with the Chief Information Security Officer’s organization
  • Develop on-demand reporting and dashboarding for self-service capabilities
  • Coordinate and act as the primary point of contact for IT audit and assessment activities internal and external for UK operations
  • Develop and maintain compliance metrics, supporting evidence, and required reporting based on the industry standards and best practices, such as Cyber Essentials, ISO 27001, NIST 800 series, and NERC-CIP, as appropriate
  • Develop and maintain a Security Awareness Program that keeps materials and training relevant to the organization in order to reduce information security risk across Westinghouse

What you need to be successful in this role:

  • Bachelor's degree in IT, a related technical discipline, or equivalent experience. Master’s degree preferred
  • 7+ years of information security, governance, risk and compliance, IT audit, or related work experience
  • Professional certifications, such as CISA, CISM, CGEIT, CRISC, CISSP, or other applicable information security credentials, are preferred

Skills and Competencies:

  • Knowledge of security and control frameworks, such as Cyber Essentials, NIST CSF, ISO 27000, and ITIL
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • A broad and deep understanding of cyber-security threats, vulnerabilities, controls, and remediation strategies in global enterprise environments
  • Knowledge of technological trends and developments around information security and risk management
  • Knowledge of information security best practices and of the regulatory and compliance requirements that impact security globally
  • An ability to work well under pressure while maintaining a professional image and approach
  • An ability to effectively influence others to modify their perspectives, plans, or behaviors through direct and indirect authority
  • A team-focused mentality with the validated ability to work effectively with diverse partners
  • Strong interpersonal skills with proven ability to manage multiple high visibility issues at a time