Head of Information Security - TSR Compliance

Head of Information Security - TSR Compliance

Contract - via Umbrella

Remote based for now, then Reading once a return to the office is confirmed

We have an exciting opportunity to work as Head of Information Security for TSR Compliance, for a leading telecom company based in Reading.

This role will suite someone who has occupied Senior/Advisory/BISO/CISO Information security roles, with a track record of being able to land new compliance within the organisation. In this instance, this compliance is TSR (Telecommunication Security Requirements), which are a relatively new set of policies operators needs to adhere to.

The role will sit alongside their current Security team, and lead around the approach is to build new ways of working - Security Policies, measures, Risk framework updates, GRC tool and controls status program within the Program, so the current security team continue to work 'as is' and as new ways of working are defined to train and deploy them to the existing team and gradually introduce them into the organisation.

Responsibilities of the Head of Information Security include:

• Lead Information Security TSR advisory and content for the TSR program on behalf of Security Director
• Align TSR InfoSec guidance and activities with overall company strategies for Security, Enterprise risk, compliance tracking and management
• Work with internal and external Security resources to support gap assessment of TSR, understand and interpret Security aspects of TSR, work with legal and Government resources on clarifications of interpretation
• Provide security support and advice to Technical Domain and Thematic workstream teams to ensure they deliver secure solutions that are TSR compliant, building own knowledge, external resources and building a knowledge base and training existing security team
• Lead the update and adaptation of InfoSec deliverables to include TSR requirements; Policies, Standards, Patterns and Compliance (Internal/Third Party) working with Project team, TSR and Technical Consulting, InfoSec and internal Technical team members
• Lead the adjustment of the Risk framework and introduce controls management and tracking across the organisation, including the implementation of GRC tools and reporting of controls status
• Work with Government affairs and LGRA teams and Security Director to represent the business at TSR meetings with Ofcom, DCMS and NCSC working groups on TSR. In addition work with partners on TSR security steerco

The successful Head of TSR Information Security will have:

• Senior level management experience having worked across both advisory information security roles (e.g.. BISO type roles) and experience with defining/deploying a Risk and Controls framework, including guiding the implementation of a GRC tool. They are not expected to be hands on coding/changing GRC tool however would work through the RFP selection process and work to guide the vendor on the configuration requirements
• The Head of Information Security will be able to provide the Project and existing Security teams the necessary guidance to build policies, standards, risks and controls frameworks that meet TSR and operational requirements of the business and actively learn about TSR themselves becoming the expert for TSR, ensuring consistent interpretation, documented definitions and liaising with internal/externals for clarifications.
• Experience of deploying a Risk and controls framework, interpreting regulations and working to provide advisory support to Security, Technology and business teams in a regulated environment is more important than Telecom specific expertise.

If you would like to be considered, please submit your CV via this advert. Shortlisted candidates will be contacted in due course.

Project People is acting as an Employment Business in relation to this vacancy.