IT Policy and Governance Specialist

at Smith Nephew

Wrocław, dolnośląskie, Poland

Start Date: Immediate
Expiry Date: 11 Aug, 2024
Salary: Not Specified
Posted On: 12 May, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Life Unlimited. At Smith+Nephew we design and manufacture technology that takes the limits off living.
The IT Policy and Governance Specialist works in the Information Security department within the Information Technology Group and reports to the Security Governance and Data Protection Manager.
You will work closely with different Information Security and IT functions to make sure that our processes are aligned and that colleagues understand how the framework will help us provide a better service to the business. You will take ownership of and responsibility for the security governance maturity program, supporting ISO27001 framework implementation by developing new policies, standards, and procedures. You will update or define new policies, standards, and procedures, using different sources and frameworks to develop documentation in line with the most current Information Security and IT standards.
You will manage the Information Security policy framework using technologies like ServiceNow IRM and SmartSolve to ensure that processes like policy approvals, reviews, publication, and exceptions are delivered on time. You will also support internal and external IT audits, various 3rd party questionnaires and Project Management activities by providing up-to-date evidence.
You will work independently and collaborate professionally with different types of stakeholders, e.g., SMEs, IT managers. You must have a strong, compliance-minded approach to ensure that processes like policy exceptions are maintained in line with the established requirements. You must have attention to detail to ensure that developed and maintained documentation is error-free, concise and understandable for the end users. You will report and provide metrics to leadership.

What will you be doing?

  • Delivering and managing the IT governance framework of policies, standards, and procedures for the scope of services offered by Information Security and IT. Collaborating closely with IT functional leads to ensure policies, procedures and standards are published to adequately support IT and business objectives, as well as IT governance strategy. Responsible for IT Group compliance with document lifecycle requirements.
  • Owning, managing, and enhancing the maturity of S+N security governance (policies, standards, procedures, guidelines) in alignment with the developed strategy. Researching and developing new documents in line with IT standards.
  • Monitoring the ongoing effectiveness of the framework by reporting management metrics, and supporting the identification and resolution of policy exceptions and/or violations.
  • Supporting internal and external audits, and any consequent remediation, in the area of IT Governance.
  • Maintaining knowledge and expertise in the latest IT Governance management approaches and applying them to the organisation.

What you will need to be successful?

  • Education/knowledge: Bachelor’s degree in Computer Science or Information Security, or a related field, or an equivalent combination of training and experience. Fluent English is a must.
  • Licenses/Certifications: One of the following security and audit certifications would be to the candidate’s advantage but is not essential: ISO27001, CISA.
  • Around 5 years in Information Technology or Information Security, with at least 2 years of that in supporting and/or managing IT Governance frameworks. Experience of using electronic document/risk management systems like ServiceNow IRM. Basic knowledge of IT controls or security frameworks, e.g. COBIT, NIST etc., would be to the candidate’s advantage.

You. Unlimited.
We believe in creating the greatest good for society. Our strongest investments are in our people and the patients we serve.
Inclusion, Diversity and Equity: Committed to Welcoming, Celebrating and Thriving on Diversity. Learn more about our Employee Inclusion Groups on our website.
Your Future: annual bonus, life insurance, company stock saving plan
Work/Life Balance: paid volunteering hours, flexible approach
Your Wellbeing: private health care with dental care package, multisport card/my benefit platform
Flexibility: possibility of working in hybrid model
Training: Hands-On, Team-Customized, subsidies for language classes, certifications and postgraduate studies
Extra Perks: referral bonus, recognition program, mentoring program



REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Information Technology

Graduate

A computer science or information security or related field or an equivalent combination of training and experience

Proficient

1

Wrocław, dolnośląskie, Poland