Information Security Officer – Major Travel Group
9-5 (can start at 8:30 and finish 4:30) *Early finish Fridays
Responsibilities:
Oversee information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks.
Qualifications:
CISSP/CISA/CISM
Skills:
Information Security policies, risks, threats, compliance, governance, regulation.
Experience:
* Experience of operating in a high growth environment, with exposure to a range of information security technologies and frameworks.
* Experience of cloud services and potential security problems with cloud deployments.
* Experience with the development, deployment, and automation of cloud security solutions in an enterprise environment.
* Experience in assessing the effectiveness of information security measures, identifying and mitigating potential risk exposures.
* Experience in carrying out audits to ensure that IT security practices, controls, and systems are effective, identifying areas for improvement.
* Experience in coordinating the continuous development, implementation, and updating of IT security policies, processes, procedures, plans, and baselines in compliance with relevant regulations and standards for information systems.
* Experience in developing Incident Response Plans to detect, respond to, and limit the effects of an Information Security event.
* Experienced in coordinating information security incident response and reporting for events or exploited vulnerabilities.
* Experience with the development of educational programs in the area of cyber security awareness.
* Detailed knowledge of the processes, tools, and techniques of information security management.
* Experience in providing technical or business guidance to senior management.
* Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as CoBIT, ISO, PCI.
* Knowledge of information security regulatory requirements and standards such as Cyber Essentials, ISO 27001/2, NIS.
Abilities:
* Ability to identify and demonstrate up-to-date knowledge and understanding of the information security threat landscape and associated countermeasures.
* Ability to conduct complex security incident investigations; prepare written findings, recommendations, and follow-up evaluations.
* Ability to ensure standards and parameters for any systems on the network are correct.
* Ability to act decisively in critical situations.
* Ability to make decisions with confidence and show initiative.
* Ability to work effectively under pressure and meet tight deadlines.
* Ability to provide in-depth analysis of complex problems, managing risk and providing timely and accurate decisions to solve problems.
* Ability to balance the interests of the various stakeholders.
Education: Preferred degree or higher level further education.
Essential: Certifications in information security including but not limited to: Cyber/Information Security such as CISSP, CISM, CISA, Certified Cloud Security Professional.
Experience: A minimum of 5-7 years work experience in a growing and challenging environment.
Personal Skills and Attributes:
* Communication: Proactive worker, able to operate at both strategic and operational levels, with exceptional communication skills.
* Ethics & Integrity: Operates with unquestionable integrity and fosters an ethical, values-driven culture.
* Results driven: Pro-active and energetic, with excellent attention to detail.
* Calmness under pressure: Pro-actively manage multiple projects, tasks, and priorities.
* Stakeholder management: Strong communication skills, able to adapt communication styles to suit different audiences.
* Accountability: Takes clear ownership and accountability for assigned projects and tasks.
* Organisational skills: Attention to detail and multi-tasking skills.
* Team worker: Listens to others and takes their ideas on board.
This job description is intended to reflect the post holder’s duties that would normally be expected to be undertaken. Owing to the nature of the post, the above duties are not exhaustive, and the Company may require you from time to time to undertake additional duties within your capabilities.
#J-18808-Ljbffr