• Ensure business needs can be delivered in a secure manner, adhering to Information Security and Risk policies and standards.
• Undertake security assurance activities relating to programmes and projects; Information Security risk assessment and analysis; and perform other Security Management activities including governance, compliance, strategy and awareness.
• Design and ensure the delivery of secure solutions across the technology and Digital estate, through the use of secure-by-design principles.
• Validate the implementation of and adherence to the company's Enterprise Security Standards through the relevant company & UK governance forums.
Accountabilities and Activities
Information Security and Assurance
• Provide advice, guidance and policy interpretation to a wide audience of internal and external entities (teams, projects, suppliers, customers and partners).
• Provide detailed technical standards content, based on established security policies.
• Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
• Contribute to the investigation of major breaches of security, and recommend appropriate control improvements.
• Support the response to security incidents by the Security Operations Team, including root cause analysis and ensuring that systemic gaps identified are closed in an appropriate and timely manner.
• Contribute to the development of information security policy, standards and guidelines and, working with a wide range of stakeholders, ensure that policies and standards are being effectively implemented.
• As required, perform formal reviews and assessments of Third Party Suppliers and Offshore partners. Review information systems for compliance with policy, standards and regulatory requirements and specify any required changes.
Qualifications, Training and Experience
• Good experience and knowledge of Information Security management, ideally with a technical degree and/or industry recognised qualifications (e.g. CISM, CISA, CISSP,
• A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002), relevant Privacy legislation (especially the Data Protection Act 1998) and regulatory obligations (e.g. PCI/DSS, FCA, PRA).
• Knowledge of security architecture and design; experience of developing security requirements and ensuring these are adequately specified, represented in designs, and implemented in deployment.
• Knowledge of security policy implementation and deployment; experience of creating technical security standards based on established policy objectives and requirements.
• Knowledge of corporate procurement and tendering processes; experience of specifying security requirements in contract schedules.
• Knowledge of security process and control assurance; experience of providing assurance to customers, and gaining assurance from suppliers.
• Knowledge of current security tools, processes and techniques; experience of deploying tools, processes and training to demonstrate measurable security benefit.