Role Title: Security Advisor (IT Security & Cyber)
(Anticipated average time commitment of six to eight days per year, although flexibility is required depending on the needs of the business)
Reports to: CEO (Chairman of the Security Advisory Committee)
Located: London (with some travel to other locations)
• As the Subject Matter Expert in IT Security & Cyber Security, the successful candidate will be a non-executive advisor and principal external advisor on security for the organisation. The Security Advisor will oversee and advise on identified requirements for investment and/or operational change to comply with statutory legislation, industry good practice, changes within the international threat environment and customer expectations regarding security.
• The role will collaborate with senior management and, when required, with local site teams to advise on compliance with defined information and physical security policies and procedures.
• The Security Advisor’s purpose is to oversee the development of a strategic framework so managers and directors can execute operational procedures related to security and incident response. This framework needs to ensure compliance with the defined information and physical security policies and procedures and applicable legislative requirements. The role shall address the needs of the organisation’s data and physical property.
• Through review and analysis of audit reports and feedback, demonstrate that the organisation is effectively implementing and managing information and physical security policies and procedures to ensure the organisation is compliant with applicable legislative requirements across all sites.
• Agree with the relevant stakeholders an assessment regime for the organisation’s IT infrastructure and technology controls to promptly identify security vulnerabilities and work with group and local sites to develop remedial action plans.
• Provide guidance on compliance reporting against all relevant security standards and implementation of remedial action plans.
• Advise on commercially available tools and services so that the management of security incidents and investigations of security breaches can be consistently applied, and so that any resulting assessment or damage control of breaches and protection measures can be implemented across the group in a consistent manner to protect the organisation against the risk of future breaches.
• Provide advice and support to senior management on all evolving security controls or threats which may impact the business. Review for the consistency and readiness of security and threat assessments.
• Actively contribute to regulatory or industry accreditation processes (gaining and maintaining the accreditations).
• Provide advice on internal/external security training programmes for security awareness and best practice.
• In the event of a major incident, provide advice and guidance on security-related matters and assist with any external agencies involved as necessary.
Qualifications and experience
• The Security Advisor will need to have relevant IT security experience and qualifications and substantial experience of working in a similar capacity.
• The Security Advisor will be a subject matter expert on IT security management and have experience of developing, managing and delivering enterprise level security intelligence analysis solutions for cyber threat.
• An understanding of ISO 27001 & PCI DSS; experience of designing and implementing an Information Security and Data Privacy control framework is advantageous.
• The Security Advisor will need to be fluent in the English language, have strong reporting skills and have deep knowledge of Internet and Telecoms technology.