IT: Chief Information Security Officer (permanent)
Manchester, England
Salary: £ six figure salary + Bonus + package
posted on 27.02.17
Chief Information Security Officer - CISO
An exceptional opportunity for an experienced CISO to step into this newly created role within one of Europe's leading lights in the manufacturing sector.
The company distributes over 4.5m products and employs over 3500 people. They are experiencing a vast period of change and as such you will have a real opportunity to create and deliver a cohesive information security environment.
Reporting to the CIO, with matrix management influence across all IT tiers including Development, Infrastructure and outsourced/third parties and regular liaison with other departments, you will initially be responsible for the establishment, enforcement, monitoring, testing, and continuous improvement of IT security policy across the entire group.
Main Accountabilities:
- Develop and enhance information security management, policy and best practice (including awareness/education of non-IT departments)
- Ensure information security strategy defines key attributes (eg quality, ownership, access, sharing, and reuse)
- Create/maintain a corporate risk assessment to document risks, controls and agreed actions, monitoring and reporting progress against same
- Define and enhance reporting requirements to measure security strategy progress against short, medium and long term goals
- Establish a cross-service Information Management and Security team to facilitate delivery of the strategy across the organisation
- Ensure security compliance requirements for customers and suppliers are met and maintained to required or higher standards
- Promote the importance of information security best practice to all departments, working with HR to educate staff and assess their improvement
- Work with Development and Infrastructure IT tiers to ensure new and existing corporate systems are designed, implemented and maintained securely
- Provide support and guidance to all departments to identify and mitigate their information security risks, acting as primary SMA for related regulations, legislation and frameworks
- Continuously maintain personal information security awareness and relevant certification/accreditations, regularly communicating changes to the business
Person Specification:
- Proven in-depth experience of ISO 27001 and PCI DSS requirements and successful rollout of same
- Proven experience in business continuity, risk management, and incident management (all three preferred)
- Appropriate industry certification/accreditation (eg CEH, CISA, CISM)
- Demonstrable practical understanding and mitigation of contemporary information security threats (detailed technical or security product knowledge not essential, however a broad awareness is)
- Experience of data protection regulation and legislation, notably UK DPA and GDPR (experience of equivalent EU law advantageous)
- Comfortable interacting with all departments/seniority levels across the group, maintaining a strong risk/security focus whilst supporting corporate goals
Please get in touch ASAP so we can discuss the role in more detail