Working for a major telecoms organisation, this role will suit someone seeking to progress within infosec and security compliance / audit / CISM / CISA / ISO certifications, or someone who already has one of these certifications.
You will be supporting Security Management in an analytical capacity, focussed towards audit and compliance.
This role forms part of the Risk and Security team. Risk and Security is part of the wider Business Operations function and is accountable for all aspects of security governance and security operations across the business. We are responsible for managing Information Security, Corporate Risk Management, Business Continuity, and Compliance. This includes setting security policies and standards and providing guidance on their implementation, facilitating compliance with security legislation and standards, managing security incidents and investigations, providing application and infrastructure security monitoring, testing and assurance, access control assurance for critical systems, and security training and awareness.
- You will be assessing internal compliance against established security standards, ISO27001, PCI-DSS and ND1643 Interconnect Standard and support the Security Compliance Lead in driving the security compliance programme.
- You will be responsible for reporting on the status of all IT audit recommendations raised by Group and Statutory auditors as part of our security compliance programme.
- You will work very closely with our 3rd parties and partners in assessing and driving their compliance to our control standards.
- You'll be assisting the Security Compliance Lead and Information Security Manager in developing our security & compliance strategy, ensuring it's relevance to the business and further ensuring it is in line with established industry standards and legal & regulatory requirements.
- Working with the Information Security Manager and Risk & Business Continuity Manager, you will help prepare a security compliance dashboard for discussion and review at our monthly Risk Board.
- In addition, you will be working cross functionally across our business to ensure all business programmes, projects and activities enhance and do not hinder security compliance levels.
- Monitor compliance against security policies and processes & standards.
- Assist in the development and implementation of the control frameworks to meet business and regulatory requirements (Legal, DPA, PCI etc), from concept to implementation e.g. controls design, testing regimes and risk treatment plans
- Support our security compliance programme, metrics and dashboard for monthly business reporting
- Contribute to defining our current security compliance baseline and a 3 year rolling business plan
- Perform prioritised security compliance reviews (internally, third parties and partners) to assess compliance against established standards and legal & regulatory requirements
- Discuss findings, recommendations following each security compliance review in a business friendly report
- Monitor the progress of agreed recommendations through our Risk Board activity
- Work with our Group companies to ensure alignment in approach and share best practice
- Assess and monitor compliance against our security policies and processes
- Review activities performed by other internal Security teams to ensure an aligned approach to enhance the level of security compliance
- Remain current by attending industry events and represent Information Security Compliance and Governance in appropriate forums
- Understanding of security audit/compliance/analysis or security management concepts
- Proven experience working in security compliance programmes
- Desire to pursue security certification such as CISSP, CISM, PCI QSA, certified ISO27001 Lead Auditor or CISA, or already have one of these ceritifcations in place.
- Being articulate and capable of explaining technical issues simply both verbally and in writing
- Self-starter with the ability to work independently when needed, and as part of a high performing team
- Strong communication skills, verbal, written and inter-personal communication skills
- Ability to multi-task and work on projects concurrently and under tight deadlines
- Must be detail oriented and customer focused with excellent, prioritisation, time and task management skills
- Enthusiastic, with a drive to continue learning and developing new skills
- Focused on delivering good customer service - responding to requests within required timeframes, proactively providing regular updates, driving rapid resolution of requests
- Defining and delivering continuous service improvement, whilst ensuring continued delivery of BAU services