Information Security Lead - Cyber Security

Royal Mail,
London, Greater London
Job Type: Full-time

Overview

Job reference number: 119779
Information Security Lead - Cyber Security
Full time
Permanent
Royal Mail Farringdon

Job Purpose

RMG Cyber Security Operations' primary functions are to protect information assets and detect, analyse and respond to security information and events. In support of these objectives RMG Security Operations are looking to augment their existing team through the addition of an Information Security Lead.

Your role is to provide credible information security advice and guidance to projects, suppliers and business stakeholders within RMG. You will also be required to support the development of security architectures and patterns, policies and standards, and to participate in governance and decision-making forums.

As directed by Cybersecurity leadership, this may include:

- Leading on provision of cybersecurity advice and concurrence to IT projects
- Conducting threat modelling and security impact assessments
- Specifying high level and detailed security requirements
- Leading and conducting the review of conceptual, logical and physical solution designs
- Requesting and supporting vulnerability assessments and risk remediation
- Leading and supporting evaluation of technology products and proposals

Key Accountabilities

Strategic Focus. Subject-matter expertise to the delivery of projects and workstreams in support of business projects and ensure that risks are reported and assessed in line with the Board's Risk appetite.

Stakeholder management. Able to engage and influence stakeholders across the business with the ability to explain complex issues in simple language, and to lead the adoption of secure technologies. Provide subject matter expertise and advice to RMG stakeholders on updates to policy, standards, and processes for information security and protection, to align with organisation priorities and risk appetite.

Supply chain assurance. Able to advise on and manage SaaS and PaaS contracts and to support the incorporation of these seamlessly into RMG's own capabilities. The role holder will provide key support to others' procurement activities as part of change programmes or BAU.

Effective Security Advice. The role holder will ensure that RMG projects and programmes receive timely, accurate and pragmatic security advice that positions security as a business enabler, not a compliance function. Provide subject matter expertise in governance forums to enable informed decision making on information security aspects of technical implementation projects.

Ability to innovate. This role requires creative thinking that can lead the development of security solutions which leverage vendor, open-source and RMG-developed technology applications and infrastructure. This needs to be done in sympathy with agreed budgets and timelines. Participate in the management of security technologies and processes in support of RMG risk management. Facilitate and contribute to improving the maturity of RMG Security Controls through continuous collaboration with suppliers and other RMG business areas (e.g. Security Operations, Infrastructure and Service Introduction).

Commercial awareness. The role holder must use their professional curiosity to understand RMG's revenue generating business lines and their supporting functions, and lead on the development and implementation of appropriate security in support of their business goals.

Key dimensions

Influencing Skills and judgement. Strong influencing and negotiating skills to build trust and confidence at all levels in the Group and using judgement to make risk based recommendations and decisions within parameters.

Analytical Skills. Strong analytical skills and the ability to see the big picture and apply the relevant detail to it. Ability to cut through the noise and provide clear and appropriate recommendations in support of business goals.

Communications Skills. Demonstrable ability to clearly represent the security implications of technology use and adoption to the business in verbal, written, and presentational form and to make recommendations for action that enable senior leaders to take good informed decisions. Clear ability to innovate and tailor messaging and delivery methods for different audiences.

Commercial empathy. Able to understand the business and empathise with its leadership so that Security measures are reinforcing business aims and user experience, not running counter to them. The role holder must be able to do this without going native as they will be required to overcome inertia and resistance to change.

Technical expertise. The role holder must be credible in terms of technical knowledge. This does not need to be deep technical or significant developer experience, but sufficient to engage in detailed discussions and drive the work of team members with greater specialist knowledge. The role holder must be able to support RMG towards a SecDevOps environment in tandem with the CTO's drive towards a greater DevOps capability.

Key competencies:

- Expert knowledge of Cybersecurity practices.
- Expert knowledge and understanding of technology procurement and vendor technologies.
- Sound understanding of Software development practices and Secure Development Lifecycle (SDLC).
- Demonstrable experience of providing security advice in complex business environment.
- Demonstrable understanding of current and emerging technologies and their security features, together with experience of securing legacy systems approaching end of life.
- Working knowledge of data management, data security and the demands of GDPR and the UK Data Protection Act.
- Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
- The will to succeed in support of the business' goals and to align potentially competing agendas to effectively manage Cybersecurity risk within the business risk appetite.

Qualifications

- Recognized security related qualifications (e.g. CISSP, CISM, CRISC, CISA, CIPP)
- Any relevant Security Operations certifications e.g. SANS, CompTIA, GIAC, CEH, OSCP.
- ITIL or related qualifications a bonus.

We are an inclusive employer with equality, diversity and fairness at the heart of our values. We welcome applications from individuals from all different backgrounds and are committed t