Information Security Lead
£650 per day | London | Contract
Posted +1 month ago
The ever-changing retail market, with multichannel capabilities driven by evolving technologies and interactive customer-focused applications, is an attractive target for attackers.
Reporting to the Head of Information Security Assurance, the Information Security Lead will be responsible for working with project and operational teams to ensure security is implemented in projects and embedded in operations.
The role will require a diverse background in security and IT operations, risk management, project assurance and operational assurance through adherence to internal policies and relevant compliance standards. It requires establishing good working relationships with different areas of the organisation, including architects, technical designers and product or service owners.
Knowledge of industry-recognised security frameworks and regulations such as ISO 27001, ISF SOGP, DPA/GDPR and PCI-DSS is essential to aid in the communication of compliance and associated risks to key stakeholders.
Information Security Assurance duties and responsibilities will include:
* Support security and risk management reporting, risk-related actions and follow-up
* Review new and existing supplier and partner contracts and perform regular assurance activities to validate supplier security posture
* Performance of audit related activities internally and externally to the organisation, as well as preparation to receive external audits
* Review design and architectural design documentation and data flow diagrams and provide security requirements and input
* Support IT and Business transformation projects by ensuring they are risk-assessed and controls and security requirements are met through the transformation lifecycle, including compliance requirements such as ISO 27001 and PCI-DSS
* Scope, arrange and support security testing, including penetration testing
* Develop information security processes and procedures alongside business and IT stakeholders, and embed them
* Attend business governance meetings as required representing the Information Security team
The following qualifications, experience and behaviors are essential to this role.
* Several years of Security Engineering/Architectural experience
* Excellent analytical skills and ability to solve complex problems;
* Excellent communication skills and the ability to clearly and concisely articulate information security risks to business and technical teams;
* Strong interpersonal skills and an approachable manner with all members of staff;
* Ability to communicate effectively at all levels within the organisation;
* Ability to manage third party security vendors and be involved in the procurement process;
* Experience in Security Governance and Security Assurance;
* Knowledge of ISF, ISO 27001, SOGP, PCI-DSS and GDPR; and
* Previous management experience in information security.
At least two of the following certifications are required; further training may be given to the right candidate:
* CISSP (ISSAP, ISSEP)
* ISO 27001:2013 Lead/Implementation Auditor.
Please get in touch for a full detailed job spec today.
InterQuest Group is acting as an employment agency for this vacancy. InterQuest Group is an equal opportunities employer and we welcome applications from all suitably qualified persons regardless of age, disability, gender, religion/belief, race, marriage, civil partnership, pregnancy, maternity, sex or sexual orientation. Please make us aware if you require any reasonable adjustments throughout the recruitment process.