Senior Information Security Governance & Risk Analyst

extra holidays - extra parental leave
Remote: Full Remote

Offer summary

Qualifications:

  • Experience in Information Security GRC, compliance, auditing, or risk management.
  • Proficiency in FAIR (Factor Analysis of Information Risk) methodology is highly desirable.
  • Strong understanding of information risk management standards like ISO/IEC 27001 and GDPR.
  • Excellent communication skills and a proven track record in identifying and mitigating information security risks.

Key responsibilities:

  • Lead risk assessments and present detailed results with actionable recommendations.
  • Oversee the maintenance and improvement of the risk management framework and processes.
  • Manage and mentor a team of risk analysts, ensuring effective performance and professional development.
  • Coordinate with teams to implement and verify risk treatment actions and maintain compliance with ISO 27001 standards.

Landmark Information Group Information Technology & Services SME http://www.landmark.co.uk
501 - 1000 Employees

Job description

What it's like to work at Landmark:

At Landmark, you'll find a friendly, dynamic, and supportive team that values bold ideas, big dreams, and active curiosity. We foster a culture of innovation, encouraging everyone to contribute to the development and direction of our products and services, while continuously seeking new and efficient ways to work.

Collaboration and sociability are at the heart of what we do, and we take pride in coming together to achieve great things.

We offer a range of benefits to support your well-being and career growth, including:

  • Competitive Salary
  • Generous Holiday Allowance: 25 days' holiday plus bank holidays, with the option of adding up to 5 additional unpaid leave days per year
  • Annual Lifestyle Allowance: £300 to spend on an activity of your choice
  • Pension Scheme: Matched up to 6% for the first 3 years, and up to 10% thereafter
  • Private Health Insurance: Provided by Vitality
  • Group Income Protection Scheme
  • Charitable Fundraising: Matched funding for your efforts
  • Cycle to Work and Gym Flex Schemes
  • Internal Coaching and Mentoring: Available throughout your time with us
  • Training and Career Progression: A strong focus on your development
  • Family-Friendly Policies
  • Free Parking

Join us at Landmark and be part of a team that supports your ambitions and growth, both personally and professionally.

The Opportunity

This role involves overseeing Landmark's risk management practices, performing both qualitative and quantitative data analysis, and effectively communicating findings to diverse audiences. Key responsibilities include leading risk assessments, presenting results, recommending actions, and promoting best practices. Additionally, the role focuses on enhancing risk management processes, conducting internal reviews, managing a team of analysts, and ensuring the effective implementation of risk treatment actions. Proficiency in FAIR is highly desirable.

Furthermore, the role is responsible for maintaining security policies and procedures in alignment with ISO 27001 standards to ensure compliance and robust information security management. This includes conducting regular audits, updating policies, and implementing training programs to keep all stakeholders informed. The role also involves assessing supplier compliance with security requirements and mitigating risks associated with third-party vendors.

The role will involve:

  • Lead the performance of Risk Assessments and present detailed results, recommending actions to address risks and drive best practices.
  • Oversee the maintenance and continuous improvement of the risk management framework and artefacts.
  • Enhance and refine processes and procedures for risk analysis and management activities.
  • Integrate advanced risk management principles into policies, procedures, and standards, ensuring they are relevant and up to date.
  • Ensure that thorough internal reviews are conducted to assess and improve the organisation's risk posture.
  • Manage and mentor a team of risk analysts, providing guidance and support to ensure professional development and effective performance.
  • A working knowledge of the FAIR (Factor Analysis of Information Risk) assessment methodology is highly desirable
  • Coordinate with teams to ensure effective implementation, verification, and closure of risk treatment actions.
  • Maintain our ISMS in line with the ISO27001:2022 standard and ensure policies and procedures are effective across our organisation.
  • Lead the response to 3rd party information security audits and questionnaires
  • Lead collaboration with Compliance and other teams on external and internal audits and reviews.
  • Work closely with our procurement team to ensure that Supplier risks are effectively assessed and managed.
  • Review 3rd party and customer security schedules to ensure we can meet the obligations outlined

About You

You will have experience in an Information Security GRC role or in compliance, auditing, data protection, information security, risk management, or a related field. You will excel at translating policy statements into actionable, implementable risk and security controls that can be monitored, audited, and continuously improved. You will possess the ability to evaluate their effectiveness and recommend enhancements.

Additionally, you will have:

  • The drive and motivation to make improvements
  • Excellent communication skills
  • A proven track record in identifying Information Security risks and providing suggestions on mitigation/treatment through the implementation of risk treatment plans
  • Good understanding of common information risk and security management standards, frameworks, and laws / regulations: e.g. ISO/IEC 27001, GDPR, NIST 800-53, etc.
  • Experience using FAIR (Factor Analysis of Information Risk) methodology to quantify risks
  • Experience with data mapping and risk assessment tools and processes that identify information security and cyber risks to business assets and operations is highly desirable

About Us

Landmark Information Group holds a wide portfolio of market leading Prop-Tech (property technology) businesses that span an incredible range of markets and technology platforms across the sector.  We are at the forefront of innovation and thought leadership in the property industry, being a supplier of national property-related data.

We deliver award-winning solutions to estate agency, conveyancing, surveying, lender valuations, land asset management, environmental consultancy, and Government markets.  This is a chance to join the business as we make major steps forward in leveraging the latest cloud and large-scale technologies to start bringing together the entire market to a unified platform.

We are proud to be an equal opportunities employer.  We celebrate diversity and are committed to creating an inclusive environment for all employees.

Required profile

Industry: Information Technology & Services
Spoken language(s): English

Other Skills

  • Team Management
  • Communication
  • Problem Solving
