1. Developing and delivering the security compliance audit plan using the ISO27001 & ISO22301 standards, audit results and security risks to execute security audits across the entire organisation. Collaborating closely with the wider team, Cyber Security, Risk and Privacy and Compliance teams.
2. Agreeing corrective actions and tracking these through to completion. Supporting the implementation of best-practice policies, procedures and controls across the organisation.
3. Helping prepare regular reports to senior management on the status of business continuity, crisis management and the security audits.
4. Supporting delivery of the Business Continuity ISO22301 throughout Vodafone UK ensuring delivery of a robust Business Continuity Management System (BCMS).
5. Performing Duty Crisis Manager duties, including leading in a Crisis, as directed and required. Developing cross-business Crisis plans as required.
Who you are
6. Analytical, with skills in reviewing data from a variety of sources and formats
7. Inquisitive, able to ask questions that delve into the what and how of processes, people, and systems and interpret responses
8. Ability to manage stakeholders across multiple areas of the business and manage sensitive discussions is a necessary skill.
9. Must be able to think and act in a wider risk context rather than just “tick box” compliance.
10. Experience or understanding of ISO27001 / ISO22301 controls or equivalent in a Telecommunications organisation or major incident background would be an advantage
11. Technical knowledge/understanding of fixed/mobile telecoms or IT systems is desirable
12. Professional certification in the delivery of audits (such as ISO 27001 Lead Auditor, ISO22301 Lead Auditor, ISO9001 Lead Auditor, or equivalent) is an advantage.
13. Project management experience would be an advantage.