Senior Information Security Specialist - Risk
Posted on Feb 8, 2021 by Emponics Limited
Sr Information Security Specialist - Risk
Great opportunity within Information Security at our client, a FTSE 250 multichannel retailer operating from more than 2000 locations, based in Northampton but commutable from Bedford, Milton Keynes, Rugby and Leicester.
Salary negotiable plus up to 15% bonus, private health, pension scheme and benefits. Emphasis on Risk, Governance and Compliance.
Initially the majority of your time will be home based, and moving forward it will be split between home and office, so you need to be within reasonable commuting distance for a couple of days a week in the future.
Reporting to the Head of Information Security, you will have demonstrable hands-on Risk experience working in a variety of Information Security roles (both technical and business-facing), perhaps looking to grow your Information Security Management experience and exposure to the full life cycle in a large and busy end-user organisation.
Looking for someone to take responsibility, someone with energy to shape and develop with real enthusiasm for the role and business.
Ideally a good few years of IS (Risk, Governance) experience, with hands-on experience dealing with Governance, Compliance & Risk. Supporting the business, supporting projects, supporting technical teams.
Number one is you have to get Risk and Risk management and risk principles, and understand how that works. Apply a Risk lens to everything they do. Good understanding of how Information Security works, good hands-on experience, decent info security qualifications with an understanding of how all the different disciplines and domains interact.
Ability to turn your hand to a lot of technology. We are not looking for a niche technology specialist - they are a large corporation with a mix of Legacy right through to the latest Cloud-based technology, so we are looking for a good breadth of info security experience rather than in-depth knowledge of a small section.
You will have an ability to think on your feet and research a problem or issue, talk it through with colleagues on the team and then come up with options and solutions from a security point of view. You are expected to cover technology across the business/group, so it's a very varied role looking for someone with good coverage who can quickly respond to and solve a problem, with the help of the team if necessary, so very much a collaborative approach/team effort. Someone good at working with and drawing from the whole team. (Nobody knows everything.)
You will be working within Risk, supporting projects, supporting BAU, supporting the risk register, the management of Risk, information security risk. Good experience with managing vendors and 3rd parties and doing audit task work.
You will have previously worked in a large organisation, with broad experience within that company - a do-er not a manager, someone with energy, enthusiasm, someone who listens - with good information security experience on the risk side, working with vendors, the business and internal technical teams, and able to talk with sense about the domains within info security. Someone who can learn and wants to learn, as the company is happy to fill in the gaps; it's the right person for the team with a can-do attitude that is required.
An appreciation of PCI-DSS, GDPR/Data Protection Act, Cyber Essentials and ISO 27001 standards. This is an opportunity to take the next step in your Security career and they will be supportive of you within the team.
It would be great if you had experience in Cyber Controls selection and implementation and compliance management. If you had experience in a QSA role in relation to PCI, or any auditing experience, that is again a real bonus.
Cyber Controls selection and implementation, compliance management, experience in complex organisations.
Exposure to compliance/assurance/Governance/Risk processes and concepts, use of the OneTrust privacy tool; exposure to the NIST critical controls framework and other external standards/regulations a bonus.
Must have the presence/gravitas to work effectively with and influence project/programme managers and senior technicians so that pragmatic security solutions are achieved balancing business needs with risks, and achieving compliance requirements.