Description
Working on a team of IT security specialists, and working closely with technical teams responsible for IT, this role will assist in the development and implementation of policies, standards, processes and procedures to drive compliance to best practices, including the NIST Framework, ISO27001, and GDPR (including ISO27701), ensuring that these practices deliver a class-leading control environment across IT and the wider business.
The role includes managing training and awareness programmes, delivering key projects in our Information Security strategy, and supporting the management of information security and data breach incidents across the business.
Responsibilities
• Support the development of our Information Security Management System (ISMS) to help ensure delivery of an Information Security strategy that supports business goals while minimising IT, legal and regulatory compliance risks
• Maintain Information Security and Privacy Awareness by developing and delivering training and awareness campaigns to ensure that the organisation is engaged and aware
• Support the Group Data Protection & Information Security Manager by assuming the role of Incident Manager as required, and ensure that procedures are adhered to, incidents are managed appropriately and consistently, and are reported in a timely manner
• Perform technical IT Security controls reviews and tests to monitor and maintain compliance with daa Information Security policies, corporate processes, and IT related regulation policies and standards, tracking remedial actions to completion
• Support IT Architecture in implementing our Security by Design policy, managing projects, delivering controls reviews, including reporting and mitigation management
• Support the Data Protection Officer in implementing our Privacy by Design principles, managing and supporting Records of Processing Activities
• Manage our IT and Cyber Security Risk profile – assess, evaluate and document IT Risk on an ongoing basis so that IT Management are aware of the IT Risk profile, highlighting changes in risk profile
• Work closely with IT and business stakeholders to develop Data Loss Prevention and Cloud App Security strategy and support stakeholders in implementing an integrated approach encompassing access procedures for on-premise and cloud-based systems, serving the needs of diverse groups of users across multiple locations.
Qualifications
Experience
• At least 5-7 years’ experience in IT and / or IT Security, with at least 2 years in a technical IT role – preferably with exposure to a range of IT roles, including some or all of the following: IT administration, systems implementation, project management
• Experience of leading or supporting Data Protection compliance and governance desirable but not required
• Exposure to working in a dynamic, demanding environment, both technical and business, delivering 24/7/365 services to customers.
Skills
Suitable candidates should have extensive experience of some or all the following:
• Knowledge of systems implementation and management, including configuration of access controls, security settings, patching, change management or similar security controls
• IT and Cyber Security technologies and capabilities – incident response, threat assessment, malware handling and containment, analysing and investigating Indicators of Compromise (IoCs)
• Exposure to some or all of the following: malware protection, firewalls and IDS / IPS, systems administration, client Operating Systems knowledge, Virtualization experience, Vulnerability Management, Security Information and Event Management tools
• Knowledge of risk management including developing, implementing, and tracking mitigation and remediation actions
• Experience in developing security awareness and training programmes across diverse channels in a challenging and busy environment
• Project management and delivery of new systems and services, including exposure to procurement processes
• Communications and presentation skills – stakeholder management and communications, with ability to write reports and presentations and experience delivering to both technical and non-technical audiences.
Formal Education Qualifications
• Honours Bachelor’s Degree and /or Master’s Degree or equivalent in IT or related areas
Professional Memberships
CISSP, CISA, CISM or similar certifications; CIPP/E, CIPM or equivalent desirable but not required