Key Responsibilities To analyse specific security environments across the Group as agreed with the CISO and identify improvements. This will be accomplished through a project life cycle starting by writing a Project Initiation Document (PID) which defines the area to be investigated or evaluated and is completed by agreed documented recommendations with dates for completed remediation, by the relevant identified areas. The role is responsible to ensure completion to an agreed timetable.To coordinate regular (quarterly) Infrastructure Reviews in support of certifications under the role's remit, across the global estate by conducting assessments of the Platforms and Corporate systems. The role is responsible for reports which makes recommendations to the CISO to minimise any identified risks, obtain an agreed timetable for remediation (entered in to the Compliance Calendar) and ensure any work is completed to the timetable.To work closely with the CISO and Quality and Compliance Executive to provide assurance that policies and procedures for Information Security are effective and are adhered to by sampling different areas across the global business (performing internal audits or ensuring they are performed as appropriate). To maintain a list of areas for consideration and sample at least two areas each quarter. As a result of the sampling, use the findings to be proactive in making recommendations for updates to policies and procedures, as required.To liaise with agreed external security agencies (where required) and ensure that any information requested is provided on a timely and secure basis.To keep up to date with security trends, threats and control measures.To perform such duties appropriate to the role, as may be directed by the CISO.Policies, Processes and Procedures To ensure relevant policies, processes and procedures are up to date and posted onto the Business Management System (BMS) in accordance with internal processes. To provide and/or design training and awareness sessions on policies, processes and procedures as relevant and agreed with the CISO.ISO Certifications To take responsibility for the continued achievement of ISO27001 and ISO9001 certifications for the UK and any other certifications as directed by the CISO from time to time. Responsibility includes the implementation of recommendations, driving external and internal audit requirements/outputs and ensuring arrangements for certification are made and prepared for fully.To support the Quality and Compliance Executive in ensuring the required Certifications are maintained across the Global landscape. The role will produce monthly reports for presentation to the CISO on those items covered by the certification that are required for examination by the internal and external auditors. The jobholder is to take responsibility for ensuring that the timing and preparation for audit visits which may be co-ordinated and arranged by the Quality and Compliance Executive are entered in the Compliance Calendar.To provide support and consultation to the CISO as required across other certifications.Misc Duties in Support and Conjunction with CISO To undertake projects, tender responses and other information security actions in support of the CISO team and Business objectives and plans.A good standard of education degree level is a must.Professional industry qualifications are also sought.
#J-18808-Ljbffr