Job Title: | Head of InfoSec Governance Risk & Compliance - PCI DSS |
Contract Type: | Permanent |
Location: | Berkshire |
Industry: | |
Salary: | car, bonus, pension |
Start Date: | Up to 3 months notice |
REF: | P/Hof/Info/Sec_1673438834 |
Contact Name: | Sara Rowe |
Contact Email: | sara.rowe@projectpeople.com |
Job Published: | over 1 year ago |
Job Description
Head of Information Security Governance Risk & Compliance - Permanent - Berkshire - Mobile Telecoms
Exciting opportunity to join a leading mobile operator based in Berkshire with hybrid working.
Expert knowledge of PCI DSS is essential for this role.
Job Purpose
- Lead for the Security Director on all things relating to Governance, Risk and Compliance across the business.
- Ensuring that all policies regarding IT Governance and Compliance, aligned to ISO27000, are both current and applicable to the Company technology 'stack' and to the entire organisation.
- Managing the Information Security Risks and Audit findings across the Company, including managing the Risk & Audit process flow from identification, to application to the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
- Accountable for the development of plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls.
- Accountable within Technology and Operations for the independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements
Knowledge & experience
10+ years' experience working in a Senior Position, with expert-level knowledge of PCI DSS, ISO27001 and IT Security Risk Management tools.
Essential:
One of:
CISSP
CISM
CISA
Degree in Information Security
Key deliverables for the role:
- Provide end-to-end engagement on a wide range of technology risks ensuring that all the risks are identified, documented, ranked and tracked within the appropriate department.
- Engage with Senior Members of the technical team for reviewing and documenting all the risks under their function, from identification to mitigation to either the end of the risk or acceptance/lowering the risk.
- Besides engagement at a Senior level, also assisting in the building of a Technology Risk culture within the business; developing the skills within the various departments to make risk second nature.
- Reviewing, digesting and applying knowledge of the working world of Information Security and its applicability to the business regarding risk exposure areas.
- Managing the refresh of all of the Information Security Governing and Compliance related policies & documentation for all of Technology
- Managing the Technology Risks and Audit findings across the business, including managing the Technology Risk & Audit process flow from identification, to application to the Risk Register, and finally to the closure of the Audit point or the reduction of the Risk.
- Reporting both up and down the various business departments about any and all risks that pertain to Information Security Technology and the impact of carrying risks without mitigation
- Managing all Third Party Supplier assessments for both new and current business relationships the company has with its various suppliers. These assessments focus on how safely and securely a supplier handles its security practices, along with how it handles our data within its environment.
Project People is acting as an Employment Agency in relation to this vacancy.