Location: We operate a flexible, hybrid working environment with the candidate required to travel to our Winchester office twice a week. Candidates must be eligible and willing to undergo Security Clearance We offer • Up to 85k base salary • 10% Bonus • 6% pension contribution • Private Medical • 25 days annual leave • Access to our comprehensive flexible benefits including discounts on big brands, wellness and employee assistance programmes, gymflex, buy and sell annual leave, travel and dental insurance • Work. Life. Smarter. Our commitment to a flexible and hybrid working culture Role Profile In this mid-level role you will take responsibility for providing security guidance and testing consultancy, partnering with Governance Risk & Compliance and Threat & Response teams, you will provide technical security leadership as the IS subject matter expert to support functions, interpret and embed the technical aspects of Arqiva’s information security strategy within their individual functions strategies. Who We Are Arqiva is at the heart of the broadcast and utilities sector in the UK and beyond. Through our infrastructure we ensure media and data is taken from, and delivered to where it is most valued, whether that’s from broadcasters to your TV screen or radio, or from your smart meter to the utility company. Even if you haven’t heard of us before, the chances are you’re indirectly a customer of ours and our infrastructure is part of your everyday life We have a rich heritage and an exciting future ahead of us, and there’s so much more to us that we can’t wait to share with you. Key Responsibilities will include • Provide guidance around Arqiva’s technical security risks, aiding delivery teams with solution implementation to meet the expected controls to ensure compliance to ISO27001 ISMS policies, legal, regulatory, or contractual obligations. • Help drive projects implementing security obligations of the Telecoms Security Act. • Be accountable for reviewing and reporting on allocated functions obligations as above. • Enable stakeholders to integrate and embed the technical requirements of Arqiva’s Information Security Management Systems and supporting frameworks within the technical solutions and processes; supporting functions to raise exceptions against Arqiva’s ISMS. • Take ownership of specific horizon scanning and engaging with external research and advisory organisations, industry bodies, customers, and 3rd party vendors to ensure current knowledge and skills are maintained; ensuring that IS can enhance innovation, improve productivity, and ultimately drive revenue. • Support technical and product teams within Arqiva on bids (RFI/RFP) and designs to ensure security requirements are delivered as part of the product. • Review project designs, offering actionable recommendations to the project team. • Improve on, or develop new processes, procedures, policies, standards, and guidelines to continuously improve Arqiva’s cyber security maturity and promote awareness while providing consistent interpretation of policies. • Define the scope for penetration tests, vulnerability assessments and technical reviews, evaluating results and driving on appropriate remedial actions. • Assist and support Information Security Risk Assessors with risk assessments and appraisals. Must Haves Significant IS experience and knowledge including using artefacts / standards from at least one of the following authorities: • National Institute for Standards and Technology (NIST) - Cyber Security Framework • Information Security Foundation (ISF) - The Standard of Good Practice for Information Security, Maturity Model, Benchmark, Using Cloud Services Securely • Centre for Internet Security (CIS) – Controls, Benchmark • Cloud Security Alliance (CCA) – Cloud Controls Matrix • Knowledge & appreciation for ISO 27001/27002, the Network & Information Systems Regulations (NIS), ITIL and particularly the Telecom Security Act (2021) / Telecoms Security Code of Practice (2022). Good knowledge and experience of the following technologies: • IP networking concepts and supporting protocols (Dynamic Routing, DNS, NTP, SNMP etc.) • IT Security systems (Firewalls, IDS/IPS, Web proxy, PAM) • Operational Technology (OT) security and connectivity, ideally with exposure to the Media and Broadcast sectors, and how this differs from typical IT systems. • Satellite communications • Broadcast Radio • Digital Terrestrial Television (DTT) • Media Multiplexing and content distribution • Operations Support Systems (OSS) • Excellent written and verbal communication skills, including executive level internal and customer presentations. • Excellent collaboration and engagement skills to be used to form strong effective partnerships with internal and external stakeholders. • Experience: Min 3 yrs. in a dedicated security design/architect/consultant role delivering from requirements to build and transition. Min 5 yrs. in information Security environments Qualifications • Qualification to RQF/FHEQ Level 5 – diploma of higher education (DipHE), foundation degree, higher national diploma (HND) level 5 award, level 5 certificate, level 5 diploma, level 4 NVQ Hold two of the following professional qualifications (preferably one being CISSP): • CISSP, Certified Information Systems Security Professional (ISC2) • CCSP, Certified Cloud Security Professional (ISC2) • CCSK, Certificate of Cloud Security Knowledge (CSA) • CISM, Certified Information Security Manager (ISCA) • CEng • SABSA • TOGAF • CEH, Certified Ethical Hacker (EC-Council) • CCNP Security, Cisco Certified Network Professional (Cisco) Might Haves Experience of working in government or other highly regulated environments. However, we are open to wider applicants with an interest in the sectors we operate in. More than anything, we want to work with people who are passionate about what they do and believe in our vision. So, if you think you have most of the skills and / or experience we are looking for, then please do apply for the role - we want to hear from you What do you need to be the best version of you… We have worked closely with our colleagues during the past two years to create Work. Life. Smarter. – our approach and commitment to a flexible and hybrid working culture for everyone. Our approach gives our colleagues empowerment and support to work in ways that enable them to thrive in their role. We are very much on a learning journey at Arqiva, but through a balance of in-person and remote working opportunities, we are encouraging our teams to work together to put in place what works best for them, ensuring that they’re meeting individual, team and customer needs. Our colleagues feel empowered by the opportunities available to them to ensure we all bring our very best selves to work, wherever that may be, and we welcome the opportunity to talk to you about how Work. Life. Smarter. could work for the role you are interested in, as well as formal flexible working requests such as part-time or job shares. More than anything, we want to work with people who are passionate about what they do and believe in our vision. So, if you think you have most of the skills and / or experience we are looking for, then please do apply for the role - we want to hear from you