Laing O'Rourke has set ambitious targets to transform its business. Our Deliver 2025 mission is to become the recognised leader for innovation and excellence in the construction industry, which extends into our 2030 purpose to push the boundaries of what's possible, in service of humanity. Achieving this will require exceptional information, technology and data capabilities to enable all parts of the Laing O'Rourke business.

Position Purpose:

A significant portion of the construction projects Laing O'Rourke deliver are performed as joint ventures (JV) between two or more companies. These collaborations require ever larger volumes of data to be created, stored, and shared for every project, which has generated additional focus on the cyber security controls and measures in place for these joint ventures. The Works Information Packs for each joint venture now include several tasks that Laing O'Rourke need to complete to meet contractual obligations. These include, but are not limited to, regular monthly cyber security status reports, managing the quarterly cyber security management plan, defining the cyber security strategy for the JV, identifying and managing cyber risks, managing supply chain cyber risks, aligning to cyber security policy, and managing the relationship between the Laing O'Rourke Cyber Security team, the JV partner and the IT delivery teams.

Key Accountabilities:

- To own and manage the Project / JV information security strategy and plans.
- Understand potential and emerging cyber security threats, vulnerabilities, and control techniques and the trade-offs required to manage the different levels of risk appetite and risk exposure throughout the supply chain for third party vendors.
- To liaise with JV / project business stakeholders to manage the supplier and vendor risk assessment and remediation throughout the project lifecycle (and required governance gates).
- To identify and manage cyber risks for the Project / JV and overall cyber supply chain and third-party risks.
- To manage compliance requirements for cyber security for Joint Ventures, e.g., Essential 8, GDPR, Cyber Essentials, ISO27001.
- To champion alignment to and implementation of the "NCSC Information Security Best Practice Guidance for Joint Ventures in the Construction Sector."
- To establish and maintain the relationships between the Laing O'Rourke Cyber Security team, the JV partner and the IT delivery teams, and facilitate coordination where necessary.
- To ensure that specific Cyber Security tasks defined in the Project / JV information pack are adhered to, and to ensure that IT governance is included in JV master contracts.
- To provide monthly & quarterly cyber security status reports for the Project / JV.
- To ensure ongoing alignment to Laing O'Rourke's overall cyber security strategy, risk and control framework and assurance process.
- Monitor cyber security trends and evolving technologies; liaise with external partners, agencies, and peers to ensure that the business maintains a strong, proactive security posture.
- Liaise with JV partners' IT department to determine their cybersecurity baseline and provide a risk review to the Deputy CISO.

Key Responsibilities:

Internal:
- Reports to regional Cyber Security Risk & Compliance Manager
- Group CISO
- Deputy Group CISO
- Cyber Security Operations Lead
- Head of Group IT Architecture
- Head of IT (Europe and Australia Hub)

External:
- Technology product and service vendors
- Cyber Security Industry Forums and peers
- Regulatory and Compliance Governance Bodies
- Project / JV Managers / Digital Engineers

Desired Capabilities & Behaviours:

- Excellent written and verbal communications skills with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Excellent stakeholder management skills including collaboration and conflict management.
- Strong demonstrated knowledge of cyber security technologies, enterprise systems, cloud solutions and generally accepted cyber security principles and accepted industry practices.
- Experience with common information security regulations, certifications, and management frameworks, such as UK Cyber Essentials, European GDPR, Australian Essential 8, National Institute of Standards and Technology (NIST) and ISO 27001.
- Experience with implementing large-scale projects throughout the project lifecycle, including preparing required documentation and progressing through governance gates up to delivery.
- Knowledge and understanding of information risk concepts and principles as a means of relating business and project needs to security controls.
- Ability to interface with, and gain the respect of, stakeholders at all levels and roles in the business.
- Ability to work on own initiative and as part of a global team across multiple countries, cultures, and time-zones.
- High levels of self and organisational dynamic awareness to work with different teams.
- Planning and Strategic Management.
- Business acumen: Have a deep understanding of the Laing O'Rourke business, its goals and mission.

Education & Experience:

- Minimum 4 years of experience in a combination of risk management, enterprise information security and/or cyber security functions.
- Proven track record and experience in project management and delivery of large projects, with strong stakeholder management and communication skills with senior business stakeholders.
- Proficiency with security frameworks, standards and best practices for compliance (NIST, ISO27001, Cyber Essentials, Essential 8).
- Knowledge of best practices of IT security hardware and software, security suites, identity and access management, and encryption.
- CISSP, CISM, CISA, CRISC, ISO27001 Internal Auditor or Lead Implementers strongly preferred.
- Project Management Professional (PMP) or related project management certifications preferred.
- Strong interpersonal and communication skills, and problem-solving abilities.

We want to ensure our recruitment process is accessible to all. If you need the application form in an alternative format or you would like to know more about our recruitment process, please email resourcingteam@laingorourke.com