Security Risk and Compliance Specialist - Contract - Berkshire

Security Risk and Compliance Specialist - Contract - Berkshire

Working for a leading Mobile Telecommunications brand on a contract basis in Berkshire, this is a pivotal role in developing and managing the security compliance assessment programme internally and for key 3rd parties and partners.

This role forms part of the Risk and Security team and is accountable for all aspects of security governance and security operations across the business. They are responsible for managing Information Security, Corporate Risk Management, Business Continuity, and Compliance. This includes setting security policies and standards and providing guidance on their implementation, facilitating compliance with security legislation and standards, managing security incidents and investigations, providing application and infrastructure security monitoring, testing and assurance, access control assurance for critical systems, and security training and awareness.

• You will be assessing risk and compliance against established security standards, ISO27001, PCI-DSS and ND1643 Interconnect Standard and support the information Security manager in driving a security risk and compliance programme.
• You will be responsible for delivering and reporting on the status of IT risk and audit recommendations raised by Group and partners as part of our security risk and compliance programme, including Pen Tests.
• You will work very closely with our 3rd parties and partners in assessing and driving their risk and compliance to our control standards.
• You'll be assisting the Information Security Manager in developing our security risk & compliance strategy, ensuring it`s relevance and further ensuring it is in line with established industry standards and legal & regulatory requirements.
• In addition, you will be working cross functionally across our business to ensure all business programmes, projects and activities enhance and do not hinder security compliance levels.
• Monitor risk and compliance against security policies and processes & standards and address vulnerabilities
• Assist in the development and implementation of the control frameworks to meet business and regulatory requirements (Legal, DPA, PCI etc), from concept to implementation e.g. controls design, testing regimes and risk treatment plans
• Develop and manage our security risk and compliance programme, metrics and dashboard for monthly business reporting
• Perform prioritised security risk and compliance reviews (internally, third parties and partners) to assess risks and vulnerabilities against established standards and legal & regulatory requirements

Knowledge and experience:

• Significant, demonstrable, experience within information security
• Experience of designing, managing and driving a security risk and compliance programme
• Experience of proactively managing and driving business change through stakeholder engagement and management
• Security Certification such as CISSP, CISM, PCI QSA, certified ISO27001 Lead Auditor or CISA
• Being articulate and capable of explaining technical issues simply both verbally and in writing

Please apply via this site in the first instance or send a CV with covering note to Fred.Cope@Projectpeople.com

Project People is acting as an Employment Business in relation to this vacancy.