Office for Nuclear Regulation


Vacancy for Band 2 Information Technology Governance, Risk And Compliance Lead

Location Bootle, Cheltenham or London
Salary £53,543 - £61,921 (plus £4,052 London Weighting Allowance if applicable)
Close date 22 Jun 2021

Job description

The Governance, Risk and Compliance (GRC) Lead role is responsible for ensuring the Information Technology & Delivery Directorate (ITDD) adheres to agreed policies, procedures and standards. In addition, the role is focused on ensuring appropriate controls are implemented and monitored so that appropriate evidence is available upon request.

This role will perform the lead responsibility for organising, managing and coordinating Information Technology and Delivery Directorate (ITDD) responses to internal, external and compliance audits. The role will also be responsible for monitoring against defined policies, standards and best practice requirements and identifying areas of both non-compliance and improvement.

About the Role

The role will ensure that individual areas of the ITDD and third parties are fully aware of their responsibility to meet the overall compliance requirements and to ensure that these responsibilities are being effectively managed by the individual areas.

All the technology that underpins the ONR estate is bound by its compliance obligations. The consequence of failing these compliance obligations is material both from a financial and service perspective. It is the responsibility of this role to lead the organisation through achieving and maintaining its compliance. 

Principal Responsibilities

  • Leading on delivery of IT governance, risk and control across ONR.
  • Effective communication on risk and control to senior stakeholders and c-suite executives.
  • Influencing stakeholders at all levels in the organisation to deliver the best outcome.
  • Deployment and delivery of an IT governance, risk and control maturity framework.
  • Managing various GRC activities for in-scope systems (e.g. SOP, Active Directory), including carrying out activities such as Segregation of Duties (SOD) reviews.
  • Collation of evidence for compliance audits to clearly document and demonstrate control and governance of the ITDD systems and service.
  • Ensuring that policies, procedures, standards, and metrics are regularly reviewed and updated in conjunction with IT owners and relevant third parties.
  • Maintaining the ITDD risk management framework for compliance, managing the risk register, ensuring that risks are documented and reviewed, that risk mitigations are appropriately owned and associated actions completed.
  • Maintaining an overarching continuous improvement plan for the various ITDD teams and third party providers to ensure that infrastructure systems and processes are improved, with a particular focus on compliance and clarity around policies and processes.
  • Ensuring that the CMDB containing the infrastructure and systems is accurately maintained by the various ITDD teams and third parties.
  • Ensuring personal knowledge and exposure to compliance requirements remains up to date, appropriate and relevant.

