Head of Technical Security Compliance
Posted on Aug 22, 2019 by Ntrinsic Consulting
My client, a market leader in mobile networks and technology, is looking for a Head of Technical Security Compliance to join their leadership team within their Security and Assurance Centre of Excellence.
- This role will involve Security clearance to DV level. If you do not have this already, you must be able to go through the process to gain this.
- You must have been settled and working in the UK for a minimum of 5 years in order to gain this clearance.
The core functions of the role are:
- Technology Standards & Compliance
- Policy Definition
- Technical Risk Management
- Regulatory Compliance
- Government Liaison
- Cleared Security Personnel
- Security & Audit Compliance
- Security Awareness
This role is accountable for:
- Leading the Technology & Operations specific organisational procedures for the internal or third-party assessment of an activity, process, product or service, against recognised criteria and standards.
- Development of plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls.
- Technology and Operations for the independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements.
- The planning cycle for this role is annual to support audit activities.
Role Fundamentals - Essential criteria
- Demonstrable experience of leading large scale delivery of compliance against industry standards frameworks, eg NIST SP800-53, ISO27001, Cyber Essentials
- Industry or academic credentials in security or risk management, eg CISM, CISSP or relevant graduate degree
- Requirement to be security cleared/clearable to DV level as part of role.
Level/Grade specific experience and knowledge
Candidates at this level should demonstrate:
- Leadership and managerial experience at a senior level demonstrating strong stakeholder relationship management.
- The ability to bring thought leadership to their area, decompose problems, collaborate, deliver sound decision making and communicate effectively.
- Proven ability to develop, coach and motivate people, recognise gaps and build plans to develop capability. Experience in building empowered, trusted teams.
- Has clear experience of their domain with knowledge of technologies, frameworks and standards and how to successfully apply these, through improvement roadmaps, to drive incremental maturity improvements and outcomes.
- Understanding of marketing led/consumer brands and the importance of customer experience.
- An ability to work in a service-orientated environment and an understanding of the importance of this in product development. Will understand the end-to-end workings of our business and the impact of key trading and operational decisions.
- Ability to advise on and support the creation of strategies and visions with a proven record of translating these into operational plans that maintain a people and customer experience focus.
- Ability to adapt plans to changing needs.
- A background in using insight and tracking performance to enable quality decision making, and the ability to articulate the benefits or drawbacks of such decisions.
- Proven record of working in an ambiguous, fast-paced delivery environment, showing an ability to handle ambiguity and differing speeds of change.
- Comfortable with problem solving without knowing all the answers.
- Experience of working across multi domains to take a more enterprise wide view.
- Will have clear experience of working in a role managing complex operations and changes whilst being accountable for their budgets and value realisation.
- Will have solid financial acumen.
- Background of working in a heavily partnered environment where delivery success is highly reliant on the capabilities of our partners and our ability to support and deliver those outcomes together.
Domain specific knowledge & experience - Desirable criteria
- Out of hours availability required for this role
- Professional Business Continuity certification, eg BCM Practitioner or ISO22301 Certified accreditation.
- Sound understanding of security control standards such as ISO27001
Other key responsibilities:
- Authorises the issue of formal reports to management on the extent of compliance of systems with standards, regulations and/or legislation.
- Manages the review, conducts the review or manages third party reviewers in support of audit of Technology and Operations activities and identifies areas of risk and specifies interrogation programmes.
- Ensures clear and comprehensive security architecture standards are in place: IT Security architecture principles are defined, documented (in the form of blueprints, designs, diagrams, tables and models), regularly reviewed and updated, providing guidance to partners.
- Owns the repository of standards which provides guidance to employees: ensuring processes are defined, documented and available for employee use to minimise dependence on individuals and empowering employees to learn and develop their understanding and skills.
- Leads the teams that own the security process to ensure Three collects and provides law enforcement officials with intercepted communications of private individuals or organizations. This is legally sanctioned official access to private communications.
- Leads the teams that ensure that the policy and standards for security administration are fit for purpose, current and are correctly implemented.
This is an excellent opportunity to join an organisation at the cutting edge of their field and help lead them in a remarkable period of transformation.
Please apply with CV attached.