Information Security Manager

CH&Co Group
Head Office - Reading
15 Mar 2019
11 Apr 2019
Job Function: Food & Beverage
Contract Type: Full Time

We are CH&CO, a group of chefs, nutritionists and people pleasers with a shared passion for food that fuels emotional positivity as well as physical wellbeing. In a world where what we consume is becoming ever faster and more disposable, we’re proud to take a more thoughtful, mindful approach to the food experiences we source, prepare and present.

Role Purpose

The Information Security Manager (ISM) will be the focal point for all CH&Co technology related data and system security matters.

The ISM will provide design support and consultancy to achieve appropriate accreditation, along with the development, implementation, adoption, governance and enforcement of IT security policies. The ISM will ensure all confidential and sensitive data is managed and protected within defined guidelines, including data managed by external partners and suppliers. The ISM will also manage any breaches, potential breaches or attempts to access systems illegally or inappropriately, ensuring appropriate action is taken.

Role Description

Develop, maintain, publish, and ensure compliance with the IT information security standards, policies and guidelines

Proactively protect the integrity and confidentiality of information in the custody of, or processed by, the company or its partners and agencies

Provide reports to the IT Director regarding the effectiveness of network and data security and make recommendations for the adoption of new procedures and technologies as required

Manage and monitor the intrusion detection mechanisms, firewall logs, and other relevant reports to mitigate computer hacking and any other unauthorized and suspicious activity

Ensure the development and maintenance of firewall configurations to ensure appropriate security change management policies are being maintained

To take a leadership role in the event of any breach of security, working with the appropriate internal teams and external agencies to address consequential issues as well as identify the causes of the breach, determining whether the cause was an unforeseen incident or caused by a defined failure internally or by partner breach of security

To work with IT and Project management teams to perform information security risk assessments on an agreed basis

Define a security profile for each system and data library, implementing or modifying any appropriate security policy

To carry out (with partners) penetration and vulnerability testing on all internal and external CH&Co systems regularly and address any highlighted issues

Personal Attributes

Excellent attention to detail

Effective relationship building skills

Excellent communication skills (both interpersonal and written).

Responsive to customer needs

Good communicator capable of articulating security issues to non-IT staff

A self-starter with a friendly, open demeanour and genuine enthusiasm for user support and training

Proactive, positive team player

Motivation to learn new technologies and seek continued learning through professional development

Strong leadership skills including effective time management and prioritisation skills

Aligned to ITIL and strong leaning towards CSI

Excellent organisational skills

Ability to understand business needs

Ability to analyse and understand complex issues and create solutions

Have security experience in a mixed core and web site environment

Demonstrate the ability to manage a complex security environment

Have ability to manage 3rd parties to ensure that they deliver projects to time and budget

As and when required, able to work at short notice to support any urgent situations that may arise in the business

Experience of working in a high-paced environment and successfully handling multiple tasks simultaneously

Review and work with clients on security agreements and ensure the appropriate agreements are in place

Desirable Experience and Qualifications

Qualifications such as CISM, CISA, CISSP and CRISC are desirable

Strong Information Security knowledge (preferably with at least 5 years of experience)

Strong knowledge of the PCI DSS standard and how this is practically applied in a complex outsourced environment

Experience of having implemented / maintained a PCI DSS compliant environment and having gone through the audit process

Knowledge of ISO27001, ISMS and ISO22301 Business Continuity

Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices

Experience of conducting information / cyber security audits

Excellent communication and report writing skills

Experience in organising and managing meetings

Experience with various vulnerability scanning tools and services

Experience with digital certificate technology including SSL encryption and key protection

Experience with best practices for data protection including file encryption, session encryption, multi-layered authentication

Experience with current information security technologies, resources and systems

Highly experienced in access controls, firewalls, intrusion detection systems, and overall knowledge of computer security systems

