Information Security Lead
We process over two million customer bookings and over five million customer card payments each year. This means that our business handles vast amounts of information that our customers expect us to protect. The information we need to protect includes credit card details, bank account details and other customer personal data. We also have a duty of care to our employees to protect their personal data and provide a safe place to work.
The Information Security Team is responsible for providing information security assurance to the Group. The team is expanding and this is an exciting opportunity to be part of a dynamic and growing function.
We are creating an additional role to focus on project information security risk assurance. This role will manage risk as projects move through a formal project lifecycle and will be responsible for a portfolio of projects. The new role will support the Information Security Lead – Projects position, which is currently accountable for project assurance.
What You Will Be Doing
As an Information Security Lead – Systems Assurance, your role will be to provide assurance across the entire systems lifecycle, applying a risk-based approach to the information security process within the NIST framework and in accordance with source market requirements and approach.
This role is responsible for (although not limited to) the general management of Information Security Systems Assurance, ensuring that all new and existing systems and solutions are secured appropriately. The role will design, plan and implement controls, and discover and remediate gaps, against NIST, ITGC (IT General Controls) and local source market requirements. Principally you will be responsible for vulnerability testing, for managing security platforms (AV, IDS/IPS, firewall process and change, Network Access Control, vulnerability remediation, etc.) and for embedding these into the IT operational functions and processes already in place.
This role will build these management processes, engage stakeholders and continuously mature them into a BAU (business as usual) process so that the risks and threats affecting the servicing estate globally are understood and managed.
The role will continually perform business impact analyses (BIA), risk-based assessments and privacy impact assessments in order to determine the treatment and actions required for project and information security. We expect this to lead to fully specified end-to-end security requirements based on a set of Information Security artefacts that state the baseline and policy. The role will also supervise penetration testing carried out by third-party suppliers to ensure project security, and this will lead to wider interaction with the Source Market Information Security departments to ensure visibility and accurate decision making.
Your ultimate responsibility will be to mature and socialise the security process that applies to the operational IT stack managed within this area, and to advise and assure the Head of Services – Digital Platforms on it. This role will ensure that we are capturing risks and actions and seeing them through to conclusion. Global liaison and visibility will be required as part of this role.
What We Are Looking For
You will be accountable for the following:
• Managing the wider Group stakeholders and source markets
• Liaising with the local IS teams to ensure an aligned approach and strategy
• Managing the operational Information Security maturity within Digital Platforms
• Reporting and socialising the state of security with key stakeholders (to be defined by the Head of Services – Digital Platforms)
• Following the relevant governance and reporting compliance status
• Ensuring risks are appropriately recorded within the risk process
• Ensuring the SLAs (set by the Head of Services – Digital Platforms) are met and reported on
• Creating clear processes for operationally managing information security within Digital Platforms
For this role we are looking for talented individuals who have:
• Experience performing information security governance of projects in a formal project lifecycle
• Experience performing privacy impact assessments
• CISSP or equivalent qualifications
• Experience managing penetration testing engagements using third parties
• Experience of PRINCE2 methodologies
• Effective communication, influence and stakeholder management skills
• Ideally, good experience with PCI DSS in a large retail organisation