Great opportunity within Information Security at our client based in Northampton but commutable from Bedford, Milton Keynes, Rugby and Leicester, who are a FTSE 100 multichannel retailer operating from more than 2000 locations. Salary negotiable plus up to 15% bonus, private health, pension scheme and benefits.
Initially the majority of your time will be home based and, moving forward, split between home and office, so you need to be within reasonable commuting distance for a couple of days a week in the future.
Senior Information Security Specialist (Compliance)
Essentially they are looking for PCI-DSS experience, and ideally you will have previously created a compliance framework. You will be a subject matter expert helping to make the group secure with regard to PCI / Cyber Essentials, helping to set up operational processes and ensuring people are doing what they should.
It would be great if you had experience in Cyber Controls selection and implementation and compliance management.
Reporting to the Head of Information Security, you will have demonstrable 'hands-on' experience working in a variety of Information Security compliance roles (both technical and business-facing) and will now be looking to grow your Information Security Management experience and exposure to the full life-cycle in a large and fast-moving 'end-user' organisation. We are looking for someone to take responsibility, someone with energy to shape and develop.
Cyber Controls selection and implementation, compliance management, experience in complex organisations.
Exposure to compliance/assurance processes and concepts, use of the OneTrust privacy tool; exposure to the NIST critical controls framework and other external standards/regulations.
Must have the presence/gravitas to work effectively with and influence delivery heads, project/programme managers and senior technicians so that pragmatic security solutions are achieved balancing business needs with risks, and achieving compliance requirements.
· Developing, overseeing, improving and evaluating control systems to prevent or deal with violations of legal, regulatory, industry standards, guidelines and internal policies to maintain and improve TP's security posture.
· Acting as the SME responsible for ensuring effective compliance levels are maintained for the Group with regard to PCI-DSS, GDPR/Data Protection Act, Cyber Essentials and ISO 27001 standards.
· Working with the Internal Audit Team to periodically conduct audits and reviews to ensure the execution of compliance standards is being met to a satisfactory level.
· Working with the Procurement Team to ensure contractual terms, minimum security standards and supplier reviews are performed to a satisfactory level.
· Assisting in the delivery of compliance training and awareness to build basic skill sets across the business and IT communities, fostering security knowledge champions and online security communities, so as to improve the culture and behaviour of colleagues regarding information risks that the functions address.
· Reporting against defined Key Performance Indicators so that assurance is provided to relevant stakeholders concerning current levels of compliance, deviations and areas for improvement.