Head of Cyber and Information Security

Posted 13 days ago

  • London, Greater London
  • Any
  • External
  • Expired - 3 months ago
This position will be a hybrid role based out of London.

Description

Purpose of Role:

The Head of Cyber & Information Security forms part of the senior leadership team within the Security function, reporting directly to the Chief Security Officer (CSO).

You will act as a trusted advisor to the CSO and C-Suite stakeholders across the UK and work with them to ensure the business is secure and compliant with the policies, standards and regulations set out in the Security Operating Model.

This is a highly operational and highly visible leadership role, as you will take overall charge of the UK's Cyber Defence and Security Operations teams. You will also have overall responsibility for Security Governance, Risk & Compliance and lead the Business Continuity and Crisis Management teams, working across the whole of the business to ensure we are resilient and prepared should business interruption occur.

Team Description:

We work in a heavily regulated environment and must secure one of the most visited websites in the UK, a very large retail channel and numerous back-office systems spread across both on-premise datacenters and the Cloud.

The Security function is comprised of 3 Team Groups:

  • Enterprise Security
      • Security Architecture
      • Security Design Engineering
      • Security Consultancy
      • Security Testing
  • Cyber & Information Security
      • Governance, Risk & Compliance
      • Cyber Defence
      • Security Operations
  • Protective Security
      • Physical Security
      • Investigations
      • Intelligence

The Cyber & Information Security team forms a key pillar in our security operating model - you will be responsible for leading the activities of the Cyber and Information Security team, and you will be expected to get deeply involved in ensuring our key suppliers operate to the same high security standards we demand of ourselves.

Key Accountabilities or Duties:

  • Manage, develop and lead the Cyber & Information Security teams
  • Be a member of the Security SLT
  • Identify, measure, control and report on security risks within information systems
  • Accountable for the creation and upkeep of our documented security standards, policies and processes
  • Manage the budget of the Cyber & Information Security Cost Centre
  • Co-create the security strategy
  • Manage operational teams that protect, defend and respond to threats
  • Anticipate, influence and assist the organization to assess and rapidly adjust to changing threat conditions and trends both internally and externally
  • Establish and maintain relationships with industry peers, other Group operating companies and external security organisations, working with specialist consultants where appropriate
  • Implement KPIs and metrics to measure our security performance and assess and track our exposure to risk
  • Accountable for continuous improvement / maturity of our Cyber Defence team and ensuring our capabilities are operating at optimal levels to both identify threats and maintain effectiveness of the SOC
  • Overall accountability for leadership of the 24/7 SOC and the efficient response to cyber attacks
  • Overall accountability for Business Continuity and Crisis Management in the UK
  • Overall accountability for ensuring we maintain or achieve certification to ISO22301/#####/27701/27002/PCI DSS/ WLA SCS2020 / NCSC CAF

As part of the senior nature of this role, you'll be required to be available outside of normal office hours.

Skills & Experience:

The successful individual will be one of the most important Information Security professionals across the global organisation and will advise the most senior of our employees on Security Operations.

As well as having the experience and influence to operate in this manner, you will have:

  • At least five years' experience gained in a technically focussed security role
  • Demonstrable experience of successful delivery in a technically focussed role
  • Ability to articulate complex technical or sensitive issues to a wide audience is essential
  • Experience of managing internet threats and risk mitigation
  • Strong understanding of external and internal threat landscapes
  • Broad experience of a wide range of security technologies and products
  • Understanding of information security governance principles
  • Ability to demonstrate an understanding of common security management principles (e.g. PCI-DSS)
  • The skills, experience and ability to adapt to be able to deliver any desired solution, potentially using a wide variety of technologies, that will help reduce security-related risks
  • Excellent communication skills
  • Excellent judgement
  • Line management experience
  • Experience in deploying security technology in a cloud environment
  • Cyber security incident management experience

Desirable:

  • Experience of working with AWS and Azure
  • Working in a regulated environment