Head of Security and Compliance

Willmott Dixon Group
14 Sep 2018
14 Oct 2018
Contract Type
Full Time
Are you looking for the Career of a Lifetime? Willmott Dixon are recruiting for a Head of Security and Compliance who will be responsible for the coordination and implementation of the operational security activities that serve to protect the organisation's information assets and information systems. The role will involve partnership working with the Group's IT teams. The post-holder will evaluate existing security infrastructure against Group Policy, implement enterprise security standards and create procedures, metrics and a roadmap for improvements. In addition, the role will test and verify the effectiveness of Disaster Recovery plans, and coordinate remediation activities resulting from internal and external audits. The Head of Security and Compliance will also operate the security infrastructure designed by the Security Architect and develop a practical and efficient protective monitoring regime.

The Project
Duties and responsibilities will include:

• Develop, own and operate a process to identify, collect, store, correlate, analyse, and respond to IT security data derived from the IT security controls implemented across the IT infrastructure and Services. Provide recommendations and implement improvements to these controls as necessary. Develop security controls in alignment with good practice frameworks, e.g. ISO27001/2, ISF Standard of Good Practice. Report on the implementation of controls and measurement of their success.

• Undertake incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

• Implementing and Operating a Security Management System for IT systems and processes, aligned with and interfacing with Group and Divisional/Customer systems.

• Support internal and external IT audits in partnership with the Information Security Compliance Manager.

• Lead on IT risk assessments and network vulnerability assessments in consultation with the Information Security Compliance Manager and document, prioritise and manage all remediation activities and exceptions where necessary.

• Undertake health and configuration checks of deployed infrastructure to ensure configurations conform to Group policies. Take responsibility for the delivery of remedial actions to address incorrect configurations.

• Review Technical Designs, Changes and Solutions for compliance against defined Group IT security standards, tracking and managing risks, gaps and exceptions.

• Support Service Delivery Management and Business Engagement in the interpretation of security requirements and obligations, ensuring that those requirements manifest in the resultant IT Services and systems.

• Undertakes proactive assurance and audits of live systems and services to track compliance against security designs, standards and specifications.

• Operates a Security Alerting and Management process, tracking all security incidents from alert through to closure.

• Responsible for compiling regular weekly and monthly Security reporting for the Group, covering compliance, risks, exceptions and plans.

• Maintains a forward schedule of all planned Security and BCP audit activities, proactively alerting relevant parties to prepare and participate.

• Plans and schedules relevant penetration, intrusion and other security testing for IT systems. Tracks and manages any resulting exceptions, gaps and risks.

• Responsible for implementing and operating the IT Security Toolsets required to underpin the IT Security management System.

• Plans and coordinates Business Continuity and Service Continuity activities across the IT teams.

• Maintains details of Service Continuity plans and how these underpin and relate to customer BCP plans, supporting reporting and tracking as necessary.

• Ensures that designs and services provided by IT underpin customer BCP aspirations, notifying and alerting of any identified gaps or risks.

Essential and Desirable Criteria
Proven experience of:

• An understanding of cloud based hosting, associated risks and security applications and infrastructure.

• Demonstrable experience in IT security operations, policies, standards, architecture, technologies and work programmes.

• Understanding of defence in depth principles and the role of WARP.

• Solid understanding of information security risk management including risk analysis, mitigation, resolution and acceptance.

• A proven track record of performing in an IT Security Operations role in a large, complex organisation.

• Familiarity with enterprise security concepts and technologies including Firewalls, AD, NIDS / HIDS, AV, SIEM, GRC, DMZ, FDE, VLAN, VRF, NSG, VPN, SIG, Email Content Filtering, Vulnerability Management, Penetration Testing and Protective Monitoring.

Desirable but not essential:

• Understanding of HMG requirements for Protective Monitoring (GPG13).

• A sound knowledge of leading-edge IT security operations processes and technologies, including Microsoft Trust Centre.

• Operational experience in the following: Microsoft AD, McAfee EPO, Citrix, BlueCoat, Websense, Juniper, Splunk.

Essential

• Educated to degree level, preferably in computer science or a related discipline, or related experience.

Professional

• Must have one or more of the following active certifications or equivalent industry experience: CISA, CISSP, CEH, SANS.

• Other related certifications such as ITIL, COBIT, ISO27001/2 Implementer/Auditor are preferred, but not essential.

Additional Information
Willmott Dixon embraces diversity in the workplace
