Company: FTSE 100
Location: Hybrid working, visiting Milton Keynes for meetings
Reports to CISO
The role is responsible for supporting Group Information Security and IT operational teams, divisional IT and IT projects by providing subject matter expertise in information security. Security needs to be embedded into everything from functional and non-functional requirements, policy, and regulatory requirements to architectural designs and vendor selections. This role will actively support the evaluation, selection, and implementation of Information Security technologies to deliver the long-term Information Security strategy and mitigate risk exposures. The role will work closely with the wider Group IT and Group functions to drive continuous improvement in technical and process controls as they relate to the information assets.
Areas of Responsibility
• Engage with and support technology business partners in delivering business projects in a way that does not create or increase security threats and risks to the business, by identifying relevant IT and Information Security requirements (functional & non-functional), policy and regulatory requirements and architectural designs.
• Embed security thinking and checks into project delivery lifecycles
• Actively work with partners, suppliers, and the wider IT community to coordinate and support any security or cyber incident response activities.
• Internally assess, evaluate, and make recommendations regarding the adequacy of IT and Information Security controls to identify and manage incidents.
• Support the Policy Board in creating, updating, and communicating effective and reasonable IT and Information Security policies and/or standards to improve IT and Information Security and ensure compliance with relevant regulations and legal interpretations.
• Support the CISO in the delivery of the Information Security Strategy
Person Specification (minimum requirements)
Education & Certifications
An Information Security certification such as ISC2 CISSP, ISC2 CISM or SABSA is beneficial but not essential.
BSc higher degree a preference
Job Specific Technical Requirements
Maintain up-to-date knowledge of the information security industry, including awareness of new or revised security solutions/services, improved security processes and the development of new attacks and threat vectors.
Experience and capability
• Extensive experience in IT and business, with a high level of information security experience and expertise.
• Knowledge of information security risk management frameworks and compliance practices.
• Experience of large, multi-national cross-functional teams.
• Knowledge of securing network technologies, client, and server operating systems and cloud environments.
• Ability to develop security standards and guidelines based on best practices and industry standards.
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
• Understanding of common security standards and regulations (e.g., PCI DSS, ISO2700x, GDPR, etc.)
• Ability to communicate and build relationships outside the IT function and foster a collaborative working relationship with various stakeholders.
• Possess strong negotiation and conflict resolution skills.
• Display professionalism, customer service attitude, attention to detail and quality.
• Possess strong interpersonal and influencing skills with good stakeholder engagement.
• Strong team player.
• Strong customer service ethic.
• Ability to analyse complex situations, especially in high pressure and dynamic environments.
• Ability to prioritise and quickly resolve issues.
• Excellent oral and written communication skills.
• Excellent analytical and problem-solving skills.
• Ability to clearly and effectively present information in one-on-one and group situations.
• Aptitude for learning and developing skillset.
• Ability to work across diverse organizations.
• Promotes positive team spirit, supportive of colleagues and comfortable working in a matrix managed way.
• Ability to work independently and to create and lead a functional area.