Key Responsibilities and Accountabilities Assist and advise the Group Information Security Manager regarding:
Risk Analysis and Remediation
- Proactively seeking out the most effective means of monitoring information security related activities, by use of existing tools, or the investigation of new tools and methods
- Developing and adopting appropriate Risk Assessment methodologies to ensure we are correctly prioritizing the risks we have identified
- Assist in the monitoring and resolution of all Information Security issues as they occur, driving through forensic investigation and remediation as appropriate
- Feedback all lessons learned into Operational and/or Governance systems
- Drive and support information security related change in Operational teams
Governance
- Advice on appropriate security posture (approach, risks, technical measures, awareness) from the point of view of the business (both overall and specific teams)
- Assist with driving cultural change in the organization by helping people understand risks and make better choices to address enterprise security weaknesses
Communications
- Responsible for working with BMS and IT teams to communicate to the business and IT on known threats and best practices for information security, as they evolve
Operational
- Advice on all requirements around information security and appropriate use of specific systems or services, both those provided by IT or as required by the business, including projects with special security requirements and setup
- Acting as a point of contact for Information Security champions within operational IT teams, advising on appropriate responses, escalation as required.
- Supervise the development of and relationship with the (planned) Security Operations Centre
- Help to ensure that risk is measured and understood effectively by operational teams
- Penetration testing and vulnerability assessments
- Assist with prioritisation of security controls and remediation
Architecture
- Review and recommend tools and processes for managing information security around new and existing systems
- Price out solutions and advise on the best risk solution portfolio.
- Identify, review and evaluate technology risk
- Input to design choices for new systems to ensure security is addressed appropriately
- Scan and provide feedback on new products and risks to inform management strategy
Formal Education and Certification:
- Bachelor's degree or equivalent work experience
- Security related Certifications
Knowledge and experience required:
- Demonstrable experience of business operations and processes in a large multinational or global organisation
- In-depth understanding of the Office 365 platform and Microsoft Windows Domain environment
- In-depth understanding of modern cloud and network technologies and protocols
- Demonstrate appreciation for user-centred design, experience, and usability
- Experience with mobile applications
- Working knowledge of international data privacy, data residency, and information security requirements
Personal Attributes:
- High degree of understanding of the evolving global and internal IT environments
- Knowledge of all Threat areas (deliberate, accidental, internal, external)
- Extensive experience of the ISO 27001 Information Security Management framework
- Understanding of Cyber Essential Plus and similar government security standards
- Excellent interpersonal skills: writing, speaking, listening, persuading and influencing and collaborating
- Ability to foster motivation and encourage meeting of tight deadlines
- Superior analytical, evaluative, and problem-solving abilities
- Ability to learn new things quickly, to thrive on change, navigate ambiguity, and to strive for continuous improvement
- Understand the importance of managing change and its impact on individuals and the business
Equality, diversity and inclusion
We put equality, diversity and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they have the opportunity to contribute.
If you have a disability and would prefer to apply in a different format or would like us to make reasonable adjustments to enable you to apply or attend an interview, please contact us at reasonable.adjustments@mottmac.com and we will talk to you about how we can assist.
Agile working
At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team and personal commitments. We embrace agility, flexibility and trust.
