Thomson Reuter’s Information Security & Risk Management (ISRM) team is looking for an experienced individual to oversee and manage the Regulatory and Policy program. The role will be responsible for determining the current level of policy coverage to meet our regulatory, including customers, and internal requirements; and ensuring gaps are addressed, implemented and mitigated on an ongoing basis to ISRM leaderships expectations.
The ideal candidate will possess the right demeanor, skillset and experience to operate in the fast-paced and dynamic world of information security and risk, with experience in working on different assignments at a time, establishing and maintaining key relationships across a global & matrixed environment, and with aproven track record of detailed oriented delivery.
- Support the building and execution of the Policy program in alignment with overall Thomson Reuters ISRM strategy
- Identify regulatory, customer and internal requirements for control requirements
- Determine and maintain policy coverage reconciliation to drive strategy
- Establish and prioritise policy control implementations aligned to current policy coverage and requirements
- Execute the Policy implementation process ensure all respective steps are followed
- Oversee the ongoing operations of the policy working group
- Act as SME in all policy related areas including the writing of control language and scoping of policy documents
- Ensure the effective tracking of progress and implementation of policy controls
- Design, produce and socialise training and awareness materials to identified audiences
- Ensure the effective completion and tracking of exceptions
- Establish relationships with critical partners including General Counsel and Technology functions
- Identify, define and maintain key measurements related to implementation and maturity
- Communicate internally and externally in an organized and knowledgeable manner
- Leverage project management and project facilitation skills, especially with leading and facilitating project execution within a matrix organisation
- Actively contribute in the decision-making process relating to company business strategy by providing advice on regulatory changes/updates and analyzing legal and regulatory requirements towards the Company’s interests
- Deliver additional activities as defined by senior leadership
- Bachelor's degree in an IT or business-related discipline
- Extensive experience in IT governance and risk including financial services or internet driven environment.
- CISA, CRISC or CGEIT Certified
- Working knowledge of regulatory requirements, e.g GDPR, SOx, PCI-DSS, FFIEC and industry leading practices relating to compliance risk management programs and processes
- Possess strong verbal & written communication skills
- Led deployment of information security programs and solutions across complex environments
- Knowledge of industry wide information security frameworks including ISO 27001/2, NIST
- Strong critical thinking and group facilitation skills, specifically in large or complex problem settings
- Must be a strong cross-functional team player with ability to manage and coach others in a matrix structure, across time zone and national boundaries
- Ability to travel upto 8 weeks per year
- Must have unrestricted authorization to work in the United Kingdom
- Must submit to a background investigation, including verification of past employment, criminal history and educational background
- Good business acumen with a successful track record in aligning to business drivers
- Strong Report writing and document creation skills, including Microsoft PowerPoint
- Experience of managing an IT policy lifecycle program
- Experience of configuring and using GRC solutions
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.