CISO "information security" cism cisa cissp "network security" SOC "it security" securityHead of Information Security for a major cloud communications solutions providerUp to £90k base plus benefitsBracknell
A senior member of the CISO Team, supporting and driving the maturing of Information Security and Compliance across the Group. This role principally sets, oversees the implementation of, and provides on-going monitoring/auditing of the current environment to establish the required security standards agreed with CISO in line with Business requirements and Customer expectations. WHAT SUCCESS LOOKS LIKE
The key deliverables, critical for effective performance e.g. customer satisfaction, and a brief description of why it is important
- Compliant and secure: compliant and secure at all times, Group systems must protect its reputation as trustworthy with customers and colleagues, meeting regulatory requirements and industry best practice.
- Pragmatic risk mitigation: the jobholder will be pragmatic, balancing the need to reduce risks alongside the acumen to recognise that the Business must deliver exceptional service for customers, quickly and cost-effectively.
- Continuous Improvement: security threats evolve and so it is critical that the jobholder drives strenuously continuous improvement across the IT environments to ready the Group for future threats.
3-5 major areas of responsibility with a brief description of the expected activitiesPolicies, Processes and Security Measures
- To analyse specific security environments across the Group as agreed with the CISO and identify improvements. This will be accomplished through a project life cycle starting by writing a Project Initiation Document (PID) which defines the area to be investigated or evaluated and is completed by agreed documented recommendations with dates for completed remediation, by the relevant identified areas. The role is responsible to ensure completion to an agreed timetable.
- To coordinate regular (quarterly) Infrastructure Reviews in support of certifications under the role's remit, across the global estate by conducting assessments of the Platforms and Corporate systems. The role is responsible for reports which makes recommendations to the CISO to minimise any identified risks, obtain an agreed timetable for remediation (entered in to the Compliance Calendar) and ensure any work is completed to the timetable.
- To work closely with the CISO and Quality and Compliance Executive to provide assurance that policies and procedures for Information Security are effective and are adhered to by sampling different areas across the global business (performing internal audits or ensuring they are performed as appropriate). To maintain a list of areas for consideration and sample at least two areas each quarter. As a result of the sampling, use the findings to be proactive in making recommendations for updates to policies and procedures, as required.
- To liaise with agreed external security agencies (where required) and ensure that any information requested is provided on a timely and secure basis.
- To keep up to date with security trends, threats and control measures.
- To perform such duties appropriate to the role, as may be directed by the CISO.
Policies, Processes and Procedures
- To contribute to the Group Risk Register and carry out any assigned actions to the role mitigate risks identified, with a particular focus and responsibility for Information Security and Quality-related tasks.
- To ensure relevant policies, processes and procedures are up to date and posted onto the Business Management System (BMS) in accordance with internal processes.
- To provide and/or design training and awareness sessions on policies, processes and procedures as relevant and agreed with the CISO.
- To take responsibility for the continued achievement of ISO27001 and ISO9001 certifications for the UK and any other certifications as directed by the CISO from time to time. Responsibility includes the implementation of recommendations, driving external and internal audit requirements/outputs and ensuring arrangements for certification are made and prepared for fully.
- To support the Quality and Compliance Executive in ensuring the required Certifications are maintained across the Global landscape. The role will produce monthly reports for presentation to the CISO on those items covered by the certification that are required for examination by the internal and external auditors. The jobholder is to take responsibility for ensuring that the timing and preparation for audit visits which may be co-ordinated and arranged by the Quality and Compliance Executive are entered in the Compliance Calendar.
Misc Duties in Support and Conjunction with CISO
- To provide support and consultation to the CISO as required across other certifications.
- To undertake projects, tender responses and other information security actions in support of the CISO team and Business objectives and plans.