Cyber Risk AVP

Role Overview: Our Digital and Technology (D&T) team is at the forefront of innovation, developing cutting-edge solutions to shape the future of our renowned brands. Technology plays a pivotal role in every aspect of our business, from ingredient sourcing to online platform development. By leveraging data insights, we gain a competitive edge and empower our team to deliver value swiftly. Join our dedicated D&T team, where we strive to break boundaries, foster innovation, and create the digital solutions of tomorrow. We are committed to helping you excel in your area of interest, enabling you to produce career-defining work and introduce groundbreaking ideas. Key Responsibilities: - Develop and maintain Diageo's cyber risk management framework in compliance with global policies. - Design and implement the cyber risk management strategy in alignment with business objectives. - Conduct regular risk assessments to identify potential threats and vulnerabilities in IT, OT, and cloud environments. - Evaluate, prioritize, and track risks based on their impact and likelihood. - Keep an updated cyber risk register with remediation progress monitoring. - Lead incident response planning and execution, including post-incident analysis. - Collaborate with IT, legal, compliance, and other departments to establish comprehensive risk mitigation strategies. - Recommend and oversee the implementation of risk mitigation actions and controls. - Ensure adherence to relevant regulations such as GDPR, NIST, ISO 27001, etc. - Provide senior management with regular reports, dashboards, and insights. - Work closely with senior leadership to communicate risk exposure and mitigation plans. - Serve as the main contact for cyber risk during internal audits and regulatory reviews. Qualifications: - Bachelor's degree in computer science, Information Security, or a related field. - Minimum of 10 years" experience in cybersecurity or similar roles. - Profound understanding of cyber risk management frameworks and methodologies. - Desirable certifications like CISSP, CISM, or CRISC. - In-depth knowledge of cloud platforms (Azure, AWS, GCP), IT & OT security environments, and their associated risk profiles. - Experience in risk modeling and assessment using tools or BI platforms (Power BI, Tableau, etc.). - Excellent communication skills to convey complex technical information to non-technical stakeholders. - Familiarity with compliance and regulatory frameworks such as GDPR, SOX, NIS2. Note: The additional details of the company are not included in the provided job description.,