What you’ll be doing
Define, develop, and implement IT Security policies and operational practices to ensure fit for purpose standards, operational disciplines, and controls to minimise risk.
Audit, review, and report on IT Security-related assessments of current and prospective platforms or suppliers, assessing levels of risk relating to our products, cloud, and support services.
Manage the overall IT Security process improvement pipeline for your region, working collaboratively with the wider Security team, for security related projects, ensuring strong stakeholder engagement and communications.
Responsible for the management of compliance through communication of IT Security & Cyber Awareness training, periodic audits, and testing, reviewing the effectiveness of training material where appropriate and raising security awareness among business segments.
Link to wider functions for compliance, including Cyber Essentials Plus, NIST CSF, Essential Eight Maturity Model, CIS Controls (v8), CMMC v1
Support the attainment and retention of information security standards such as ISO27001, Cyber Essentials Plus, etc., through coordination and completion of risk assessments.
Identify & report key security risks and mitigating controls, producing high quality documentation to articulate and report those risks along with proposed solutions in appropriate risk forums.
Ensure third parties, suppliers and partners have the same effective policies and controls in place, with security by design at the forefront to protect the confidentiality, integrity, and availability of business data
Ability to clearly communicate our security posture with customers and key stakeholders through consultative subject-matter expertise on 3rd party assessments.
Ensure information security, resiliency and data privacy risk assessments are effectively undertaken, providing a healthy culture and good practice towards our data security.
Strong track record in negotiating and managing internal and external stakeholders and third parties, using every contact with internal customers to build sustainable relationships.
Experience of clearly communicating security risks and how to mitigate them to audiences of all kinds, including those with limited technical knowledge
An ambassador for IT Security creating thought-provoking communications that resonate with different and diverse audiences.
Support the development and review of Business Continuity and associated Disaster Recovery plans
Supporting the business with tender responses, business development opportunities, ad-hoc client & third-party due diligence, and pre-qualification questionnaires.
Who we’re looking for
Previous career experience working in information security
Appropriate 3rd level qualifications in information systems, security, and compliance
Broad transferable expertise in important technology and security frameworks, controls & standards, ideally in some or all of these contexts:
Cyber Essentials Plus, NIST CSF, Essential Eight Maturity Model, CIS Controls (v8), CMMC v1, ISO27001, OWASP, CSA, CCM, CIS, SOC
One or more of ITIL, CISSP, CISA or CISM accreditations desirable
Experience with Disaster Recovery plans, processes and practical tests / execution and security implications
Experience defining and working with others to execute a security strategy within an organisation
A solid awareness of technology principles & capabilities that support and underpin cyber and information security.
What’s in it for you?
We’re an accredited training provider from entry level to master’s degree level professional qualifications in leadership & management and executive coaching & mentoring, and we support learning and development for everyone.
A personal development plan and a transparent career pathway puts you in the driving seat of your career and you’ll be supported as far as you want to go.
We encourage and value different ideas, perspectives, and styles of thinking. We need a mix of experiences and skills to develop the most innovative ideas.
We respect one another and recognise the potential and contribution of everyone. You’ll be joining a diverse community and a company that puts its people first and prioritises their wellbeing.
We understand the need to work flexibly. With agile offices and hybrid working offered as standard, we’re happy to talk about flexible working.
This is a workplace that works for you.
A career here is far from ordinary. Here you’re not a number, you’re part of the solution.