The role requires you to recommend security controls and identify solutions that support the business objective, provide specialist advice and recommend approaches across teams and various stakeholders, communicate widely with other stakeholders, advise on important security-related technologies and assess the risk associated with proposed changes, inspire and influence others to execute security principles and consult on security matters within projects across the business. The role holder is expected to deputise for the Information Security Officers in the security team when required, and to attend regular departmental meetings and other meetings relevant to the role.
Key Responsibilities include: ? Outstanding communication skills; strong critical thinking and analytical skills ? Strong project and team-building skills, including the ability to lead teams and drive initiatives in multiple departments ? Demonstrated ability to identify risks associated with business processes, operations, technology projects and information security programs ? Ability to function as an enterprise security subject matter expert who can explain complex topics to those without a technical background.
Main tasks and responsibilities Key Performance Indicators Technical infrastructure competencies (cloud & on-prem) ? Secure infrastructure, containers, CI/CD pipelines, and introduce guardrails aligned with DevSecOps principles ? Develop a complete understanding of our technology and information systems ? Design, build, implement and support enterprise-class security systems ? Align organizational security strategy and infrastructure with overall business and technology strategy ? Identify and communicate current and emerging security threats ? Deploy security controls to mitigate threats as they emerge ? Plan, research and deploy robust security controls for any IT project ? Perform or supervise vulnerability testing, risk analyses and security assessments ? System/application testing validation ? Input and assistance in reducing vulnerabilities ? Cyber Security Input into business led projects ? Input into documentation that meets standards and drives processes ? Assistance with audits to ensure smooth progress and least business disruption ? All agreed security KPIs ? Create solutions that balance business requirements with information and cybersecurity requirements ? Identify security design gaps in existing and proposed deployments and recommend changes or enhancements ? Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers ? Test security systems to ensure they behave as expected ? Provide supervision and guidance across the various IT teams ? Define, implement and maintain corporate security policies and procedures ? Train users in implementation or conversion of systems ? Respond immediately to security-related incidents and provide thorough remedial solutions and analysis ? Regularly communicate vital information, security needs and priorities to upper management (Including security controls) monitored and reported as required Cyber Risk ? Oversight, management, and reporting on all risks pertaining to information security, including all forms of cyber risk and all risks relating to the protection of personal data throughout the business in all locations ? Developing and monitoring Key Risk Indicators (KRI) and Key Performance Indicators (KPI), relating to the information security controls of the business ? Assist in the assessment of risk to the security of information, assets, and personnel ? Assist in management of cyber risk including risk reviews and mitigation planning ? Risk assessments carried out to standard, to agreed schedule, and as required ? Ensure complete and accurate risk register in place and monitored Customer Management ? Maintain effective relations with all key stakeholders across company ? Commits to exceeding expectations and needs to internal/external customers, possesses “customer first” mind set ? Ensures that work is accurate and well presented, that customer care is given priority above all else and that in both areas effort is made to exceed the minimum standard required ? Shows concern for detail no matter how small. ? Takes a pride in doing a job well ? ? Quality and timeliness of communication updates to all relevant parties Ensure appropriate service is delivered at all times, across all business lines and that feedback is sought from key stakeholders to fully assess the service quality Culture
Is a role model in demonstrating the behaviours and culture across the organization ? Represents company strategy and commercial decisions in a proactive and positive manner ? Leads by example, to motivate and assist with managing change across the organization Knowledge, Skills, and Behaviours Essential or Desirable Knowledge ? ? ? ? , Experience or qualifications Relevant third level degree qualification in IT or equivalent industry qualifications (CISSP, MCP) At least 5 years’ experience in Information Security Deep understanding of Microsoft Azure/MS 365 cloud technologies Experience in security tools and solutions and reporting Project management Management experience that encompasses information systems or information security experience Relevant certification is preferred: (CISSP, CISM, CASP+)
Essential Skills: Process mapping and data analysis skills Analytical skills – Interprets quantitative and qualitative information to achieve objective and produces effective solutions to problems. Ability to work in tight deadlines and delivering solutions within defined time periods Experience working in a complex operational environment Effective verbal and written communication skills and strong interpersonal skills, good at reporting.
Essential Behaviours ? Being cooperative, flexible, adaptable, and persistent. ? Diligence - Being careful about detail and through in completing work ? Integrity - Being honest and ethical ? Independence – developing one’s own ways of doing things, guiding oneself with little or no supervision, depending on oneself to get things done.