Company: FTSE 100
Location: Hybrid/Home and Milton Keynes for meetings
Reports to CISO
The role is responsible for managing and expanding the Information Security operations team that will work in collaboration with Group IT functions and the third-party Security Operations Centre (SOC) to ensure IT and Information security controls are in-place to protect the business against cyber threats. This includes pro-actively managing and expanding the coverage of technical IT and Information security controls across the enterprise and establishing the required processes and procedures to maintain optimal performance. The role will also have end-to-end responsibility for the management, communication, escalation, investigation and resolution of all IT and Information Security incidents. The role will work closely with the wider Group IT and Group functions to drive continuous improvement in technical and process controls as they relate to the information assets.
• Define and manage end-to-end processes, roles and responsibilities to effectively respond and resolve IT and information security incidents (Analyse/Identify, Contain/Mitigate, Remediate/Eradicate, Recover)
• Monitor and manage technology dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc. Review, respond and investigate alerts generated by detection infrastructure and technologies.
• Actively work with partners, suppliers and the wider IT community to coordinate and support any security or cyber incidents response activities.
• Build relationships with suppliers, Group Legal, Group Comms and third parties to ensure co-ordination of incident response.
• Build and maintain relationship with third party Security Operations Centre (SOC) and wider Group IT functions.
• Build and maintain relationship with third party Digital Forensic team.
• Internally assess, evaluate and make recommendations regarding the adequacy of IT and Information security controls to identify and manage incidents.
• Maintain compliance with internal and external data governance policies (GDPR, DPO, Works Councils) where relevant to security controls
• Support the CISO in the delivery of the Information Security Strategy
Education & Certifications
• IT Security certification such as ISC2 CISSP, Certified Ethical Hacker (CEH), SANS GIA Certified Forensic Analyst or SANS GIA Certified Network Forensic Analyst are beneficial but not essential.
• BSc Hons or higher preferred
Job Specific Technical Requirements
Maintain up-to-date knowledge of the IT and Information security industry including awareness of new or revised security solutions/services, improved security processes and the development of new attacks and threat vectors.
Experience and capability
• Extensive experience in IT and business, with high level of information security experience and expertise
• Knowledge of information security risk management frameworks and compliance practices.
• Experience of large, multi-national cross-functional teams.
• Knowledge of securing network technologies, client, and server operating systems.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience
• Understanding of common security standards and regulations (e.g., PCI DSS, ISO2700x, GDPR, etc.)
Ability to communicate and build relationships outside the IT function and fosters a collaborative working relationship with various stakeholders.
Possess strong negotiation and conflict resolution skills.
Display professionalism, customer service attitude, attention to detail and quality.
Possess strong interpersonal and influencing skills with good stakeholder engagement.
Strong team player.
Strong customer service ethic.
Ability to analysis complex situations, especially in high pressure and dynamic environments
Ability to prioritise and quickly resolve issues.
Excellent oral and written communication skills.
Excellent analytical and problem solving skills.
Ability to clearly and effectively present information in one-on-one and group situations.
Aptitude for learning and developing skillset.
Ability to work across diverse organizations.
Promotes positive team spirit, supportive of colleagues and comfortable working in a matrix managed way.
Ability to work independently and build a functional area.