Nomad Foods Europe / Birds Eye

Cyber GRC Manager (Governance, Risk and Compliance)

Job Location: UK-Surrey-Woking
Posted Date: 21/10/2025 16:31
Job ID: 2025-6015
Number of Openings: 1
Category: Information Technology
Closing Date: 27/11/2025

Overview

PURPOSE & IMPACT: This role is known for …

Responsible for managing and mitigating security risks, ensuring security posture aligns with regulatory obligations, and industry standards. Developing and maintaining an effective information security governance framework, by maintaining cybersecurity policies, standards and guidelines aligned to Nomad's enterprise risk management framework and overall strategy.

Manage, evaluate, and support the documentation, validation, assessment, and authorisation processes necessary to assure that existing and new systems, suppliers and processes meet the organisation's cybersecurity and risk requirements.

Working with internal and external stakeholders to conduct risk assessments and reporting to help identify related cybersecurity risks and determine appropriate controls.

We need someone who….

  • Can communicate at all levels and with the ability to summarise and present complex concepts to senior leadership
  • Is a confident presenter and communicator with an ability to explain complex topics clearly to a non-technical audience
  • Is experienced in operating a risk management framework across multiple entities and territories, including risk appetite and impact / likelihood calibration
  • Has familiarity with regulations and standards such as ISO27001, NIST CSF, NIS2, COBIT, ITIL, GDPR, and SOC2, including developing and maintaining frameworks, policies and guidance, and implementation and monitoring strategies
  • Can work independently and as part of a team in a fast-paced dynamic environment
  • Has programme and project management experience, including the ability to assess and assure the current state, establish and lead a resulting programme of enhancements
  • Can collaborate with colleagues across multiple locations and time zones where required
  • Has experience in implementing and executing the Third-Party Risk Management (TPRM) strategy and programme

Responsibilities

  • Oversee cyber security governance efforts, ensuring alignment with frameworks such as ISO 27001, NIST, NIS2 and GDPR, and with regulatory standards
  • Identify, assess, and mitigate security risks across the organisation. Implement and maintain risk management processes, ensuring effective controls are in place
  • Ensure continuous compliance with applicable laws and regulations. Conduct internal audits and manage external audits of cyber security controls
  • Work closely with cross-functional teams, including IT, Risk, Compliance, Legal, and Business Operations, to drive compliance initiatives and embed security practices across the organisation
  • Develop and implement security policies, procedures, and standards that support risk mitigation and compliance efforts in line with industry standards
  • Play an active, hands-on role in security initiatives and GRC activities, including incident management, vulnerability assessments, and compliance reviews
  • Provide reporting to leadership committees and the Board
  • Lead the strategic planning and delivery for the governance and management of information security risk and compliance
  • Develop, review and confirm that existing and new IT systems meet the organisation's cybersecurity and risk requirements
  • Use compliance activities to drive continuous improvement of security controls, identifying opportunities to further develop policies and procedures to ensure that they meet business needs
  • Work effectively across the business to drive information security risk assessment and risk management processes
  • Communicate and drive adoption of new policies or amendments to existing cybersecurity policies, standards and guidelines across all relevant internal or external stakeholders
  • Implement a TPRM strategy. Monitor and reassess requirements to ensure oversight of third-party information security risks
  • Use technology, data and best practices to continuously improve the TPRM programme
  • Follow up on deviations from compliance activities and audit findings with the relevant business teams to address compliance gaps and agree remediation plans
  • Work with system owners and relevant internal or external stakeholders to perform risk analysis or security reviews on OT systems and environment resulting in recommendations for inclusion in the risk mitigation strategy
  • Maintain awareness and documentation of all cybersecurity risks identified for systems through risk registers

Qualifications

  • Graduate level in Cyber Security, Computer Science or similar
  • CRISC, CISM, CRM, CISA, CCP Practitioner SIRA, ISO/IEC 27001 Lead Auditor, or similar
  • 3-5 years’ experience in cyber governance, risk and compliance roles, preferably in the FMCG sector
