The Business Information Security Operations Lead (BISO) performs a critical role in the maintenance and implementation of security for the whole organisation. A senior role reporting directly to the CISO, the BISO is creative and innovative, capable of thought leadership, and is able to build strong and long-lasting relationships with key stakeholders throughout the business.
* Job Title – Business Information Security Operations Lead
* Location – Bury, BL9 8RR
* Working rota – Monday to Friday
* Working hours – 40hrs per week
What You'll Be Doing:
* Help the organisation to adopt a risk-based approach to good security practice.
* Create an Information Security Management framework and communication strategy to help drive Information Security awareness.
* A successful BISO must possess strong communication skills in order to provide clear and concise advice and thought leadership across a global, multidisciplined, diverse organisation. The BISO must demonstrate:
o Strong written and verbal communication skills,
o A collaborative approach with the ability to provide consultative guidance and mentoring,
o The listening skills, understanding and empathy to capture the needs, environments and challenges experienced by the various business entities within JD Sports,
o Clarity of purpose with strong planning skills and a goal-orientated approach to implementation,
o Ability to persuade and motivate individuals and teams outside of Information Security to engage closely and take the right action to protect JD Sports’ information assets and harden the organisation’s security posture.
* The Business Information Security Officer provides thought leadership based on a deep knowledge of Information Security tools, technology, processes, standards, and trends. These skills coupled with strong relationship building abilities enable the BISO to:
o Communicate the criticality of risk management and information security in driving confidence to transact, while protecting against regulatory non-compliance, reputational damage, and financial loss,
o Work collaboratively with business owners within the various business entities in order to correctly identify strengths, weaknesses, vulnerabilities, and opportunities for improvement,
o Formulate clear recommendations, drive governance strategies, and influence business stakeholders and technology stakeholders at all levels.
o Drive continuous improvement in the adoption and exploitation of good information security practice across the business.
o Provide consultative advice and hands-on assistance in developing and refining information security budgets.
* Develop a clear understanding of JD Sports and its various entities (business units, subsidiaries, partners, and interdependent entities) so that the need for and applicability of information security controls can be established.
* Articulate JD Sports’ Information Security policies, standards, processes, and strategy to build understanding and buy-in from the business owners, enabling them to engage with information security and consume information security controls and services.
* Help ensure that information security requirements are considered at the earliest phases of a project, so that the capabilities and services that drive JD Sports’ business have security and information protection built in as standard.
* Understand current investments in information security technologies so that the organisation can exploit the full potential of the available tools.
What We're Looking For:
* Ability to advise, guide and inspire adoption of Information Security and Risk Management best practice resulting in an increasingly robust security posture.
* Proven track record of developing people and relationships.
* Ability to extract clarity from fast-paced, evolving scenarios by helping to clarify the inevitable ambiguity arising within a large, complex, and interdependent organisation.
* Ability to articulate goals, achievements, risks, expectations, and needs to individuals and teams at all organisational levels.
* Ability to formulate and help deliver information security and risk management training and awareness programs in collaboration with HR.
* Demonstrable experience of a wide range of technology security solutions and controls, including hybrid cloud and on-premise security capabilities.
* Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700X, NIST, CIS, the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), Critical Security Controls for Effective Cyber Defense, or the ISF Standard of Good Practice / IRAM2.
* Participate in the timely provision of security oversight, advice, and support to multiple and complex projects within a global technology environment.
* Awareness of various operating systems including but not limited to Windows, Linux, Unix.
* Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated controls optimised for their protection.
* Awareness of security controls in widely used technologies e.g., MS Office 365.
* Awareness of Incident Management and Response tools - IBM Resilient, Remedy, Remedy CMDB.
The Company:
The JD Group is a leading omnichannel retailer of Sports Fashion, Street & Premium Fashion, Outdoors and Gyms with over 60,000 colleagues and over 3,400 stores across several retail fascias in over 30 markets around the world.
We are an equal opportunities employer who embraces and values differences. We recognise the importance of an inclusive workplace culture in which everyone can thrive irrespective of their background or identity.
To be a part of this successful and continuously growing company, you will have the desire to ingrain into our day-to-day our strategic goals of being a people-first, digital-leading and customer-focused organisation which provides operational excellence and continuously identifies new areas of growth.
Interested?
If you are interested in this position, then press the Apply Now button.
Due to the high volumes of applications our opportunities attract, it takes time to review them all. If you don't hear back within two weeks of your application, please consider your application to have been unsuccessful on this occasion.
Applications that meet the skills criteria will be contacted for a 1st stage meeting with the talent team. Shortlisted candidates will then be invited to interview with the hiring manager.