In a Nutshell
Reporting to the Head of Information Security, the Information Security Officer will be responsible for acting as a subject matter expert on Information Security across the entire organisation and growing global customer base.
Provide focus on security topics and continuous improvement for security across multiple locations.
- Support a high functioning information security in multiple locations
- Help drive a security culture, working to continually improve in accordance with business requirements
- Proactively refine an information security framework and best practice ways of working into teams across the business to develop maturity around approach and understanding security responsibilities and principles.
- Work with a network of external partners to optimise the service model
- Support the delivery of effective governance and reporting across the information security function as well as any projects/actions/issues
- Maintain proactive and regular interactions with senior client representatives.
- Support all information security initiatives
- Identify and address gaps in information security
- Provide guidance in terms of technologies, techniques, and methodologies for Information Security
- Develop (where necessary) and maintain ENSEK’s information security policies, processes and procedures.
- Facilitate Information Security training and support for Learning and Development
- Support the Information Security Impact Assessments (ISIAs) and ensure that all necessary updates to existing ISIAs take place as appropriate
- Act as the primary contact for notification of incidents and breaches
- Coordinate security improvement working groups
- Involvement in client bids and tenders, as well as ongoing due diligence in respect of all suppliers and business partners.
- Assure all aspects of ENSEK security and privacy with security frameworks (e.g. ISO27001, PCI DSS, NIST).
- Support an audit service, leading the internal and external audits as part of a wider and regular audit programme
OTHER RELEVANT DUTIES
- To ensure compliance with required training and any associated documentation
- To maintain a broad understanding of practices and developments relevant to the energy sector and your area of specialism
- To promote and maintain a positive, results-orientated work environment, building partnerships and teamwork across ENSEK
- The position may involve other duties appropriate to the role
- Security qualifications and certifications (such as CISSP, CISM, CISA or equivalent) and ITIL service management qualifications.
- Experience of security audits – ISO 27001, SOC1, SOC2, PCI-DSS and others
- Experienced Information Security Officer who understands and appreciates the intricacies of security and of leading troubleshooting situations
- Confident in the use of security tools and techniques that are appropriate for the situation, partnered with dynamism and flexibility to achieve the right outcomes
- Expert in reporting and communicating security reports and processes to business stakeholders and other resources
- Proven experience in working for a fast-paced product-led tech business
- Confidently manage stakeholder expectations
- Experience of implementing security capabilities including structure, procedures and best practice
- Experience of working in complex, multi-priority matrix organisations, with expertise dealing with both technical and other stakeholders
- Take a collaborative approach and foster strong working relationships across other departments within ENSEK
- Ability to drive and respond quickly to changing demands
- Willingness to work in a fast-moving matrix environment, valuing the importance of teamwork
- Ability to demonstrate discretion and handle confidential information sensitively.
- Excellent communicator with the ability to influence senior decision-makers across the business
- Strong stakeholder management and influencing skills, demonstrating outstanding levels of diplomacy and tact
- A flexible attitude and the ability to thrive in a high-pressure environment
- Proven ability to manage multiple third-party supplier relationships
- Successful track record of working within geographically diverse functions
- Take personal responsibility for organising day to day workload.
- Work independently and proactively.
- Experience in Energy/Utilities would be advantageous but not essential