Senior Cyber Security Manager - GRC
Hybrid
Cambridge, United Kingdom
Full Time
11-03-2025
Job Specifications
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of the Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the worlds leading online games companies?
This position will report to the Director of Cyber Security to ensure the company's information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes.
This is an opportunity
What you'll be doing{{:}
}GRC Framework Development{{:
}
} Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GD
P
R Manage and update the information security policies, ensuring they are current and relevant to evolving ris
k
s Ensure alignment with legal, regulatory, and contractual obligations specific to the game development indust
r
y Oversee the creation, implementation, and regular review of security policies, standards, and procedur
e
s Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforc
e
d Risk Management{{
:
}} Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastruct
u
re Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation effo
r
ts Compliance & Audit Management{
{
:}} Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disrup
t
ion Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operat
i
ons Stay informed of industry trends and changes in regulations that may impact security compliance eff
o
rts Training & Awareness{
{:}} Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development prac
t
ices Ensure continuous education across the company on security policies, risks, and compl
i
ance Vendor & Third-Party Risk Management
{
{:}} Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company's security po
l
icies Oversee the third-party risk management process, conducting vendor security assessments and managing associated
risks What you'll nee
d
{{:}} Extensive experience in a GRC role within the gaming, technology, or software development ind
u
stries Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR
,
etc.) Knowledge & Skil
l
s{{:}} Deep understanding of governance, risk, and compliance processes as they relate to game dev
e
lopment Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2,
a
nd GDPR Experience leading security audits and working with both internal and external
a
uditors Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation
efforts Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stak
e
holders Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Imp
l
ementer Soft Ski
l
ls{{:}} Strong leadership and project management abilities, with a track record of managing cross-functio
n
al teams High attention to detail, proactive in identifying risks, and a solution-oriented
approach Ability to thrive in a dynamic, fast-paced game development en
v
ironment What we o
ffer{{:}}When you join Jagex you can look forward to a generous Perks & Benefits package incl
u
ding{{:}} Private Healthcare, including
D
ental Plan Minimum 6% Pension co
n
tributions Employee Assistance Programme & onsite
C
ounselling Lif
e
Insurance Discretionary annual perfor
m
ance bonus Enhanced family leave policies
from day 1 Flexible wo
r
king hours 25 days annual leave + Bank holidays & the option to buy/sell holidays + so
much more! Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holi
day period.This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during
this time. Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and
socialise.Flexibility really is the key to how we set up working schedules, we'll discuss your needs with you and be transparent about the working schedules of the team you'll be working with during our intervi
e
w process. About
Jagex{{:}}Make forever ga
mes with us.Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we re-define expectations for what evergreen success
looks like.We create spaces for our players to come together - with each other and with us - inside and outside of our games. We empower our players with real influence on the game's evolution. We help our players belong. Our community experiences give players a greater stake in what they're playing, creating loyal f
orever fans.These strengths inform our vision of our studio as a thriving international games company with a growing library of forever game IPs for core gamers. Our forever games will nurture sizable communities whose loyalty provides consiste
nt revenues.This in turn drives our mission{{:}} We create forever fans by empowering our community. We give players experiences worthy of their long-term time investment and actively collaborate with them to shape the games and the community fo
r the better.If this is something you want to be a part of,
get in touch.We have 500 of the industry's most talented individuals in our Cambridge studio; if you share our values and ambition, we'd love to talk to you. Worried you don't meet all the requirements in the spec? Your attitude, fresh perspective and experience is just as important to us; if you think this could be the perfect job for you
, let's talk.
About the Company
A leader in creating deep and engaging forever games on PC, Console & Mobile that empower our communities. Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers. Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 300 million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are forever games that connect a... Know more
Related Jobs
- Company Name
- Barclay Simpson
- Job Title
- Security Architect
- Job Description
- This leading wealth management firm seeks an IT Security Architect to join the group InfoSec function in London. The role is an individual contributor position. As the Security Architect, you will have a varied and busy role, working on security architecture reviews for business applications and projects. This will require you to review the HLD, consider the risks, carry out threat modelling using STRIDE and opine on security. You will also be required to spend 30-40% of your time authoring blueprints and reusable patterns. The role will best suit someone who started their career in a 'hands-on' infrastructure/cloud role but who is now an experienced security architect. The successful candidate will have strong threat modelling skills, experience of working on business applications and projects, and good knowledge of Microsoft and Azure. Previous financial services experience will be beneficial. The role is offered as Hybrid/London with a salary of £110,000-£115,000 base plus excellent benefits and bonus.
- Company Name
- prosource.it
- Job Title
- Cyber Security Analyst
- Job Description
- 2571 – Cyber Security Analyst – Aberdeen or London Are you a highly motivated and skilled Cyber Security Analyst looking for your next challenge? Join a dynamic team where you'll play a key role in safeguarding critical information assets. As a Cyber Security Analyst, you'll be responsible for identifying, evaluating, and reporting cybersecurity risks to ensure robust cyber assurance. Working alongside the Operational Security team, you'll carry out second-line assurance activities to uphold the confidentiality, integrity, availability, safety, privacy, and recovery of crucial information in line with regulations. You’ll also collaborate with internal teams and third-party vendors to assess and manage third-party cyber risks effectively. This hybrid role, based in Aberdeen or London, follows a 3/2 working pattern, with at least three days onsite each week. What you’ll do Work with the Project Team, Operations and Information Systems (IS) Security team to support IS in the delivery of secure, reliable, and safe IS operations to the business Work across vendors, project teams and wider IS team to define IS Security requirements for systems and solutions that meet the businesses security requirements Research and provide security solutions for complex application and systems integrations Provide support on the full life cycle of design, development and operation of security tools and services Build successful peer relationships with other IS and business functions Follow the formal governance mechanism to establish and monitor effective controls for the processes and functions performed by the IS Security team Support IS Security to achieve regulatory and statutory compliance requirements Complete cyber risk assessments, including third party suppliers Apply threat modelling principles to complex system and solution designs to identify security risks and appropriate mitigations Support, monitor and recommend improvements to cyber incident management processes Provide input and support to operational projects related to cyber security What to bring Experience of working in an organisation distributed across different geographies and time zones, with the ability to communicate security goals (preferred) Excellent analytical, problem solving and execution skills (essential) Strong cyber security-specific experience, support by relevant industry certifications (e.g. CySA+, Security+) and risk management knowledge (essential) Knowledge and experience working across a diverse range of cyber security tools, including SIEM technologies, EDR, NIDS etc. (essential) Self-motivated with a willingness to go the extra mile to achieve important goals (essential) Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to technical and non-technical audiences (essential) Cyber Security KPI monitoring and delivery (preferred) Experience engaging 3rd party security specialists to provide additional assurance. (preferred) Understanding of assessing data security and governance requirements and identifying suitable controls. (essential) Experience of delivering cloud focused security solutions with a solid understanding of modern cyber threats and threat modelling techniques (preferred) Good understanding of security frameworks (NIST CSF, Mitre ATT&CK) (essential) What You’ll Get in Return: We are committed to recognising and rewarding hard work and offer a competitive salary and benefits package which includes (but is not limited to) the following; Company Pension Scheme Private Medical Insurance Private Dental Insurance Group Income Protection Plan Group Life Assurance Cycle to Work Scheme Prosocial Events Electric Car Salary Sacrifice Scheme We also believe effective training and development benefits both the individual and the organisation as a whole and contributes to the achievement of the company’s mission. We encourage all our employees to further their skills and experience via various methods of learning. If an employee elects to self-study in their own time, the company will fund the self-study materials and exam fees. Furthermore, once the exam is passed, the employee will be entitled to an incentive bonus. If you are enthusiastic, willing to always learn and looking for a challenging but rewarding position where you work for a forward-thinking organisation who offer excellent opportunities, please send your CV to talent@prosource.it. We welcome applications from disabled candidates, so if you have any access needs or may need adjustments in the assessment process - just let us know. Successful candidates will be subject to background and right to work checks. About us prosource.it is a professional services provider in technology. Established as a traditional provider of managed IT services, prosource.it has evolved with industry and the rapid pace of change within the technology sector. We recognise the importance of people and business process in the successful adoption of technology and change. Our readiness to embrace and apply change comes from our people and we offer a variety of business services across the lifespan of successful technological deployment and adoption. We are a people centred business with a global workforce of 500 plus staff and contractors. Our values are central to what we do and how we do it. We feel they are simple and easy to relate to and we are always looking to welcome new people to the team who share our vision and values. We pride ourselves on being easy to deal with, agile and accepting of change across a wide range of challenging and rewarding roles. We are a team of ‘can do’ and ‘how can I help’ individuals committed to teamwork, partnership, service excellence and delivery. www.prosource.it
- Company Name
- Torbay and South Devon NHS Foundation Trust
- Job Title
- Cyber Security Manager
- Job Description
- The Cybersecurity Manager has a pivotal role within the organisation, reporting directly to the Deputy IT Operations Manager. The role holder will oversee and manage the cybersecurity function within IT Operations with the primary objective being the provision and maintenance of secure, efficient IT services to support healthcare delivery and the digital strategy of the Trust. Collaborating with cross-functional teams, vendors, and stakeholders, they will develop strategies, implement best practises, and ensure the reliability, availability, and security of IT systems in line with national and local cybersecurity frameworks, policies and guidance. The Cyber Security Manager oversees the daily operations of the cyber security team, ensuring high-quality service delivery. They act as a subject matter expert, providing guidance to the cyber and senior leadership teams, and build strong relationships with diverse stakeholders. Key responsibilities include managing the IT Operations cyber function, implementing best practices, and assessing risks using methods like Agile and Lean. They advise on securing data and systems during partnerships and new projects, analyze and report on high-risk areas, and review cyber threats and vulnerabilities. The role involves coordinating the cyber security incident response plan, ensuring compliance with security controls, and contributing to the overall cyber strategy. They also identify and organize cybersecurity training, use security tools for intrusion detection, and manage large projects such as annual pentests. Additionally, the Cyber Security Manager oversees the operation of information systems and security tools, provides assurance to the Board on security controls, and liaises with external organizations during incident investigations. They play a crucial role in delivering high complexity and risk-based digital transformation, ensuring the organization's cyber security posture is robust and resilient. Why Work With Us Our dynamic department comprises a talented and motivated team of IT professionals, who bring a wealth of expertise and experience to the table. With a strong work ethic and a collaborative mindset, we strive for excellence in delivering top-notch IT services. Our team members embrace a culture of continuous learning and innovation, constantly staying updated with the latest technological advancements. We take pride in our ability to overcome challenges and find creative solutions. Working together, we foster a supportive environment where everyone's contributions are valued, and professional growth is encouraged. It's a rewarding experience to be part of this team, where we collaborate seamlessly and leverage our skills to drive success for the organization. For further details / informal visits contact: Name: Bob Baker Job title: Deputy IT Operations Manager Email address: bobbaker@nhs.net Telephone number: 01803653420
- Company Name
- Tenth Revolution Group
- Job Title
- Head of Cyber Security - Remote - London - £85k - £100k
- Job Description
- Job Description Head of Cyber Security - Remote - London - £85k - £100k My client are searching for a Head of Cyber Security to join a dynamic PE-backed business, and lead enterprise efforts across IT Security, Cyber Security and Information Security. Salary And Benefits Salary up to £100,000 depending on level of experience Fully remote working (1-2 days in London office per month) Performance-based bonus 25 days annual leave plus bank holidays, with opportunity to buy & sell Pension contribution matched up to 4% Flexible working hours Role And Responsibilities Implement and manage security controls for Microsoft and Azure infrastructure. Lead vulnerability management and incident response. Enhance security monitoring and IAM with Microsoft tools. Drive security architecture and ensure endpoint security. Support M&A security assessments and maintain compliance. Collaborate with Senior Leadership, and provide expert guidance on threat mitigation and security best practices Successfully utilise the MS Security Stack including Defender, Sentinel and Entra ID Report directly into the CIO and lead a team of four, driving the businesses security strategy forward Ensure security controls, policies and technologies protect the organisation's assets, infrastructure and data What Do I Need To Apply For The Role Experience in a Cyber Security leadership-level role Proven experience with the MS Security Stack including Defender (Endpoint, Identity, Cloud), Sentinel (SIEM), Entra ID Security Features, and Purview Knowledge of Azure Security controls, including Azure Firewall, Key Vault, Conditional Access, and Azure Network Security Familiarity with standards such as ISO 27001 My client have very limited interview slots and they are looking to fill this vacancy within the next 2 weeks. I have limited slots for 1st stage interviews next week so if you're interest, get in touch ASAP with a copy of your most up to date CV and email me at m.fox@tenthrevolution.com or call me on 0191 300 1232. Please Note: This is a permanent role for UK residents only. This role does not offer Sponsorship. You must have the right to work in the UK with no restrictions. Some of our roles may be subject to successful background checks including a DBS and Credit Check. Nigel Frank are the go-to recruiter for Power BI and Azure Data Platform roles in the UK, offering more opportunities across the country than any other. We're the proud sponsor and supporter of SQLBits, Power Platform World Tour, the London Power BI User Group, Newcastle Power BI User Group and Newcastle Data Platform and Cloud User Group. To find out more and speak confidentially about your job search or hiring needs, please contact me directly at m.fox@tenthrevolution.com