SECURITY COMPLIANCE SPECIALIST required to work for a large telecommunications company based in Berkshire.
The Security Compliance Specialist forms part of the Risk and Security team. Risk and Security is part of the wider Business Operations function and is accountable for all aspects of security governance and security operations. We are responsible for managing Information Security, Corporate Risk Management, Business Continuity, and Compliance. This includes setting security policies and standards and providing guidance on their implementation, facilitating our compliance with security legislation and standards, managing security incidents and investigations, providing application and infrastructure security monitoring, testing and assurance, access control assurance for critical systems, and security training and awareness.
- You will be assessing internal compliance against established security standards, ISO27001, PCI-DSS and ND1643 Interconnect Standard and support the Security Compliance Lead in driving a security compliance programme
- The Security Compliance Specialist will be responsible for delivering and reporting on the status of all IT audit recommendations raised by Group and Statutory auditors as part of our security compliance programme.
- You will work very closely with our 3rd parties and partners in assessing and driving their compliance to our control standards.
- You`ll be assisting the Security Compliance Lead and Information Security Manager in developing our security & compliance strategy, ensuring its relevance to us and further ensuring it is in line with established industry standards and legal & regulatory requirements.
- Working with the Information Security Manager and Risk & Business Continuity Manager, you will prepare a security compliance dashboard for discussion and review at our monthly Risk Board.
- In addition, you will be working cross functionally across our business to ensure all business programmes, projects and activities enhance and do not hinder security compliance levels.
- Monitor compliance against security policies and processes & standards.
- The Security Compliance Specialist will assist in the development and implementation of the control frameworks to meet business and regulatory requirements (Legal, DPA, PCI etc), from concept to implementation e.g. controls design, testing regimes and risk treatment plans
- Develop and manage our security compliance programme, metrics and dashboard for monthly business reporting
- Establish our current security compliance baseline and a 3 year rolling business plan
- Perform prioritised security compliance reviews (internally, third parties and partners) to assess compliance against established standards and legal & regulatory requirements
- Articulate findings, recommendations following each security compliance review in a business friendly report
- Monitor the progress of agreed recommendations through our Risk Board activity
- Work with our Group companies to ensure alignment in approach and share best practice
- Assess and monitor compliance against our security policies and processes
- Review activities performed by other internal Security teams to ensure an aligned approach to enhance the level of security compliance
- Remain current by attending industry events and represent Information Security Compliance and Governance in appropriate forums
The successful Security Compliance Specialist
- Significant, demonstrable, experience within a security compliance or security management role
- Proven experience of designing, managing and driving a security compliance programme
- Experience of proactively managing and driving business change through stakeholder engagement and management
- Security Certification such as CISSP, CISM, PCI QSA, certified ISO27001 Lead Auditor or CISA
- Being articulate and capable of explaining technical issues simply both verbally and in writing
- Self-starter with the ability to work independently when needed, and as part of a high performing team
To apply for the Security Compliance Specialist please send your CV to firstname.lastname@example.org
Project People is acting as an Employment Business in relation to this vacancy.