Our client is a leading and long-standing retailer who represent many brands within their sector. They have grown significantly in recent years and are also listed on the London Stock Exchange. They are currently recruiting for an Information Security and Data Protection Officer to undertake a dual role that will potentially report direct to the CFO.
The candidate will be responsible for developing and implementing the information security programme, which includes the procedures and policies designed to protect the company's communications, systems and data assets from both internal and external threats. The candidate will also be responsible for managing the Group's GDPR programme.
The candidate will work closely with the Technology Officer and the Head of Infrastructure. The company has a large Technology Department and employs dedicated security specialists.
Main Duties and Responsibilities:
Data Security Management Framework
- Responsible for documenting the governance and control framework for Data Security, and for ensuring that the information security strategies are aligned with and support business objectives, and are consistent with applicable laws and regulations, through adherence to policies and internal controls.
- Responsible for communicating the approach to cyber risk management throughout the Group and communicating the value of security and processes to employees.
- Responsible for handling reported security incidents, identifying root causes, playing a lead role in crisis management and advising on threat detection.
- The IS/DPO will be expected to create an audit framework and conduct internal audits to verify compliance to Information Security policies and standards and advise where remedial actions are required, highlighting where these are not in line with risk appetite.
- Responsible for carrying out Information Security Risk Assessments and Data Privacy Impact Assessments, keeping the Risk Register up to date and providing risk-based management information to the Business.
- Manage the GDPR programme.
- A security certification such as CISSP/CISM/CISA/CISMP.
- Fully conversant with the ISO27001 information security standard and PCI-DSS.
- Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
- Thrives on change, showing an impressive ability to drive the IT security strategy forward
- Analytical mind capable of managing numerous information sources and providing analysis and reports to senior management
- Strong customer focus - able to meet the demands of internal and external customers
- Excellent communication skills - providing verbal and written communication that is understandable and engaging to senior management and colleagues
- Flexible and adaptable - capable of changing direction where required and showing flexibility to meet new demands
- Forms business partnerships that help drive the IT security strategy forward
- Creative thinking - able to look at alternatives and consider new ways of thinking to problem solve
- Multi-tasking - can manage several concurrent projects and prioritise demands
- Knowledge of risk analysis and risk management methodologies