Information Security Officer - Major Travel Group

9-5 (can start at 8:30 and finish 4:30) *Early finish Fridays

Responsibilities

The Information Systems (IS) Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the IS Department reporting directly to the Head of Information Systems to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across a single campus, consisting of 550 staff.

Level Scope

Responsibility for formulating and administering policies and programs, managing human, financial and physical resources and functions with a very high degree of autonomy. Frequently influence business decisions made by senior leadership, overseeing the stewardship of resources and the development of systems and procedures to protect assets. Negotiates and influences others to understand and accept new concepts, practices and approaches.

This role is an excellent opportunity for candidates who have a strong understanding of IT infrastructure and information security (primary skill) and enjoy working in a fast-paced and ever-changing environment.

Experience:

• Experience of operating in a high growth environment, with exposure to a range of information security technologies and frameworks
• Experience of cloud services and potential security problems with cloud deployments
• Experience with the development, deployment, and automation of cloud security solutions in an enterprise environment
• Experience in assessing the effectiveness of information security measures, identifying and mitigating potential risk exposures
• Experience in carrying out audits to ensure that IT security practices, controls and systems are effective, identifying areas for improvement
• Experience in coordinating the continuous development, implementation and updating of IT security policies, processes, procedures, plans and baselines in compliance with relevant regulations and standards for information systems
• Experience in developing Incident Response Plans to detect, respond to and limit the effects of an Information Security event
• Experienced in coordinating information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information
• Experience with the development of educational programs in the area of cybersecurity awareness
• Detailed knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect the organization's data and systems
• Experience in providing technical or business guidance to senior management; ability to apply this knowledge appropriately to diverse situations
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as CoBIT, ISO, PCI
• Knowledge of information security regulatory requirements and standards such as Cyber Essentials, ISO 27001/2, NIS

Abilities:

• Ability to identify and demonstrate up-to-date knowledge and understanding of the information security threat landscape and associated countermeasures
• Ability to conduct complex security incident investigations; prepare written findings, recommendations and follow-up evaluations; and analyze patterns and trends
• Ability to ensure standards and parameters for any systems on the network are correct and as close to flawless as reasonably can be expected
• Ability to act decisively in critical situations
• Ability to make decisions with confidence and show initiative
• Ability to work effectively under pressure and meet tight deadlines
• Ability to provide in-depth analysis of complex problems, managing risk and providing timely and accurate decisions to solve problems
• Ability to balance the interests of the various stakeholders
• Ability to handle high levels of pressure and exhibit critical decision-making
• Ability to act decisively in critical situations or to circumvent potential problems

Education: Preferred degree or higher level further education.

Essential: Certifications in information security including but not limited to: Cyber/Information Security such as Certified Information Systems Security Specialist (CISSP), Certified Information Security Officer (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional.

Experience:

A minimum of 5-7 years work experience in a growing and challenging environment.

Personal Skills and Attributes:

• Communication: Proactive worker, able to operate at both strategic and operational levels, who is commercially astute with exceptional communication skills at all levels.
• Communication: Strong verbal and written communication skills, especially involving technical documentation and report writing
• Ethics & Integrity: Operates with unquestionable integrity and fosters an ethical, values-driven culture
• Results-driven: Pro-active and energetic, with excellent attention to detail
• Calmness under pressure: Pro-actively manage multiple projects, tasks, and priorities
• Stakeholder management: Strong communication skills, as well as the ability to adopt communication styles to suit different audiences
• Accountability: Takes clear ownership and accountability for assigned projects and tasks and is focused on consistently delivering a high-class service to stakeholders
• Organizational skills: Attention to detail and multi-tasking skills
• Team worker: Listens to others and takes their ideas on board

This job description is intended to reflect the post holder’s duties that would normally be expected to be undertaken. Owing to the nature of the post, the above duties are not exhaustive, and the Company may require you from time to time to undertake additional duties within your capabilities.