Business Unit: Technology
Location: Chester - Head Office
Contract Type: Permanent/Full Time
Closing Date: 21 March 2019
The Information Security Team are accountable for GBG’s Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management.
You will be responsible for the support of GBG’s group wide Information Security Management System in accordance with relevant frameworks.
What you will do
• Support the delivery of the GBG Cyber Strategy, Services, Capabilities and Group CISO across GBG
• Assist with the implementation of GBG Information Security services as part of the newly formed CISO function
• Work as directed by the Information Security Management Team to influence and support the positive management of GBG security risks and remediation activities
• Work as part of the GBG Information Security team across a number of security improvement work streams, which support various business units and geographic regions
• Coordinate and manage the third party supplier security review process (circa 700+ suppliers), schedule and risk management activities – helping GBG to understand the supply chain security position
• Support the development of security audits, processes and procedures, and support service-level agreements (SLAs) to ensure that security services are managed and maintained
• Work with information security leadership & IT teams to develop plans to enforce security requirements and address identified risks
• Manage relationship with GBG auditors
To be successful, we are looking for
• Ability to prioritize ISO27001 audit reviews based on common-sense business risk and level of criticality of services
• A working knowledge of the latest information technology trends
• Performing risk, business impact, and control and vulnerability assessments
• Experience of common information security management frameworks and standards, such as ISO27001, ITIL, COBIT, PCI-DSS and National Institute of Standards and Technology (NIST)
• Familiarity with relevant legislation including DPA and GDPR
• Contemporary understanding of supplier review processes, with proven experience and the ability to successfully deliver results in accordance with industry standards and within specific deadlines
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls
• Exposure to group-wide standards and policies relating to ISO27001 controls
• Exposure to risk assessments of products and services
• Experience of implementing treatment plans for risks and management of risk models
• Experience of External & Internal RFPs
• Exposure to audits from external sources, i.e. client requests, official bodies such as BSI, regulators
• Excellent communication skills
• A pragmatic approach to risk and information security
• A willingness to learn and develop with a security focus, with the ability to manage expectations appropriately, building long-term relationships
The role may require some travel both within the UK and to international offices.