This is a senior leadership role responsible for defining and implementing the organisation's approach to IT risk management, information security and cyber security across a large, geographically dispersed environment supporting a complex IT estate and multiple business systems.
Reporting to the Chief Information Officer, the role leads on identifying and responding to emerging security risks, ensuring appropriate controls are in place to protect organisational information assets, and supporting compliance with relevant standards and requirements.
The organisation operates across a wide footprint, with approximately 7,000 users across 900 locations.
Key responsibilities
1. Define and implement the IT risk management, information security and cyber security strategy
2. Develop and maintain an enterprise-wide information security programme
3. Develop a risk-based approach to threat identification, assessment and mitigation
4. Lead security incident response planning and investigation activity
5. Take responsibility for security considerations in supplier selection, products and contractual arrangements
6. Lead and manage the security function, including specialist partners and providers
7. Establish and lead appropriate security governance forums
8. Provide clear and measurable reporting on ...