Our client is a UK leading Telecoms company who are committed to providing the highest quality products and services. They are looking for a Business Information Security Officer to join their team.

Location

• Reading, RG2 or Hammersmith, London W6
• Remote working for now

Contract length
6 months

Working Hours
Monday - Friday (9am - 5:30pm)

Rate (Inside IR35 only)

• £446.15 per day via PAYE + Holiday pay

• £550 per day through a Hays approved umbrella company

Job Overview
As a diverse and inclusive organisation, our BISOs embed with business segments, and help drive business-driven security by supporting business leaders, technology functions, as well as risk and compliance, and other functions.

BISOs are the leading force for information security and cyber risk management being executed at the point closest to the actual risk with insights and understanding of the unique business context. As such, the role requires a servant leader with growth mind-set, empathy, self-motivation, agility, DevOps, and great communication, to complement our one-team culture as well as a good understanding of our regulatory requirements including but not limited to privacy.

Key Responsibilities

• Identify information security and cyber risk requirements and oversight of delivery by:
  • Defining business unit requirements for security controls that enable the business unit to conduct its business continuously in a secure manner
  • Defining business unit requirements for the information security strategy, roadmap and programmes that enable the business unit to regularly enhance its security controls
  • Ensuring delivery of the information security programme within the business unit, delivery of services and products provided by Group shared security services. Where services are delivered by external providers, ensuring delivery of the information security services as per requirements of business unit.
  • Engage with the business unit to:
    • Develop an understanding of business goals in order to constructively engage business leaders on information security, identifying key areas for improvement, driving appropriate risk management decisions and collaborating with stakeholders to achieve positive outcomes and business benefits
    • Ensure emerging information and cyber security threats to the business are identified, discussed and addressed through presented opportunities of security innovation
    • Build strong relationships within the business to gain an understanding of security-related business risks.
    • Embedding information security and cyber across the business segment by:
      • Working with business leaders to ensure that information security policies and standards are integrated with business processes. Constructively challenging existing processes where necessary
      • Identifying and addressing opportunities for people, process, and technology to enable positive business outcomes factoring cyber requirements, and ensuring stakeholders understand their responsibilities in relation to security risk mitigation and remediation
      • Monitoring information security trends and keeps business leadership informed about information security-related issues and activities potentially affecting the organisation.
    • Focus on awareness and training including by:
      • Briefing regularly the business unit leadership team on cyber threats and risks profile
      • Delivering awareness and training to the relevant business unit team and high-risk users
      • Communicating the importance and promoting awareness of information security to the business. Increasing business awareness of emerging security threats and risks. Helping develop a security culture within the business.
    • Partnering with the different functions working on controls by:
      • Leading information security compliance and risk assessment efforts
      • Providing guidance for audit preparation and addressing audit findings
      • Maintaining a balanced relationship with risk functions, compliance functions and with internal and external audit functions.

Experience Required

• Min 5 years of work experience in integrating security policies with people, processes, technologies and service
• Skilled at identifying security risks and exposures as well as remedial controls and processes
• In-depth knowledge and understanding of information security risk concepts and principles as a means of relating business needs to security controls
• Information security management qualifications (e.g., CISSP, CISM or CRISC) desirable
• Good understanding for security solutions, security architecture, DevSecOps and security in hybrid multi-cloud environment
• Demonstrated experience providing written and verbal presentations to senior executives
• Ownership mentality with analytical and problem-solving skills
• Absolutely trustworthy with high standards of personal integrity
• Proven excellent relationship management skills at all levels of the organisation
• Demonstrated ability to operate effectively with minimal supervision
• Building networks with key contacts
• Passionate on doing the right thing and contributing to an organisation focused on continuously improving customer experience.

If this sounds like something you would be interested in, click apply now!