Head of Information Security
Location : Nationwide
Closing Date : 08/10/2018
Salary : Competitive
Employment Type : Permanent
Department : Group IT - IT Operations
This role will be based in London or Manchester
This is a new role within the BPP team and is a highly skilled role being established in order to develop a trusted partner, customer and in-house reputation for dealing with IT security requirements. The successful candidate will need to represent BPP on all security matters and ensure a high level of proactive security processes are maintained across the business. These processes will ensure not only that security threats are identified, but also that action is taken proactively to mitigate identified threats and communicate these with the clients and management team.
Our ideal candidate will:
- Be the authoritative voice on security matters for BPP.
- Be conversant with modern security requirements and processes including ISO standards.
- Be aware of and conversant with the security services marketplace and developments.
- Own any security contract relationships to ensure adherence to contracts and requirements.
- Own security Policies & Processes at BPP and ensure implementation into customer operations teams.
- Ensure security incident reporting Policies and procedures are in place across the operations teams and communicated.
- Develop security Monitoring and Threat monitoring solutions.
- Ensure Processes are in place to ensure actions are taken when threats are identified.
- Liaise with Client CSO level employees to ensure visibility of security activities and that they meet client contractual requirements and expectations.
- Manage the governance process for IT security across existing services & new opportunities.
- Ownership of the BPP security strategy & roadmap in line with emerging threats & the changing landscape of IT and Business Services.
- Ownership of client facing security structures, to include incident reporting, monitoring and client risk alerts.
- Review, assess & recommend action for operational delivery services to ensure they are following security best practice & company policies, building security into day-to-day thinking and practices across delivery.
- Work closely with the BPP IT Team to continually develop the security systems.
- Establish him/herself as the go-to individual for all security questions relating to contracts,
- Partner with multiple projects and initiatives to apply security architecture requirements, develop solutions, integrate security into solution designs, assess risks of security gaps, and develop architecture remediation.
- Annual security testing
- Lead security initiatives and ensure their successful execution.
Skills, experience and qualifications required
- Significant experience in a senior IT security related role in a large multi sector environment.
- Demonstrates knowledge of ISO27001, BS25777 & PCI-DSS.
- Demonstrates thought leadership in all aspects of security i.e. cyber.
- Significant experience in information and cyber security.
- Ability to manage and deliver projects, including development of project plans, project goals and objectives, tasks, required resources, and timelines for completion.
- Understanding of the Techniques, Tools and Processes in use by hackers.
- Good understanding of security related technology like firewalls, WAFs, IDS/IPS systems, SIEM systems, etc. Hands-on experience in one of these domains is always a plus.
- Analytical thinking and problem solving skills with focus on results and customers.
- Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, threat and vulnerability evaluations, etc.) to help BPP reach an acceptable level of risk.
- Excellent Communications skills to C level within client organisations.
- Excellent presentation skills.
- Educated to degree level with considerable professional experience gained operating at a senior level in private or public sector with a demonstrable track record of managing risk & operational security services is essential.
- Industry accepted IT Security certification e.g. CISSP, CISM or ISSMP.