This job has expired

Head of Information Security - GBP70-80k

Employer: Harvey Nash IT Recruitment UK
Location: Milton Keynes
Salary: 70000.00 - 80000.00 GBP Annual
Closing date: 26 Jan 2022
Sector: Telecoms / Utilities
Responsibilities: Information Technology
Position/Level: Professional / Specialist
Contract Type: Permanent
Language: English

The Head of Information Security takes responsibility for information and cyber security across the entire UK enterprise. There are two direct reports, supporting Information Management and Cyber Security analysis. This is a hands-on role, working closely with the Infrastructure teams to continue ongoing improvements in architecture and simplification of environments, to improve our ability to protect all aspects of our business.

THE JOB ROLE.
- The definition and execution of the information and cyber security strategy in line with Group strategy, standards and policy.
- The setting of policy and procedures defining the Information Security standards in line with Group best practice.
- The day-to-day governance of information and cyber security.
- The compliance of the organisation with GDPR in relation to IS&T systems and processes.
- The compliance of the organisation with its certified standards (i.e. ISO27001, Cyber Essentials Plus).
- The alignment of infrastructure strategy and approaches to meet security needs.
- The assessment of risks and security activities/metrics to ensure standards are met and improved.
- The addressing of identified risks and issues, protecting the business from their realisation.
- The governance of Group controls around IS&T services and processes across the IT function.

This role works closely with regional and global security leadership, maintaining a focus on continued improvement and on meeting our global security standards. This includes dealing with urgent challenges and vulnerability incidents (e.g. Log4j).

On the technology side these are the systems that we are using.

- Tanium - Asset, Patch and Deploy modules
- CrowdStrike Falcon - EDR
- Qualys - Vulnerability Management, Detection and Response and Web Application Scanning
- ForcePoint - Global Proxy
- Trend - ApexOne (Serum) - Workstation Anti-Virus/Anti-Malware
- Trend - Deep Security (Bio-Medic) - Server Anti-Virus/Anti-Malware
- IBM Resilient - Group Incident reporting and management
- OneTrust - Privacy, Security, Governance (eg Risk Management, Cookie Compliance)
- OKTA - Authentication

These are the systems we are using internally.

- FortiGate, FortiNet, FortiWeb, FortiAnalyser
- LanSweeper
- Sophos Mobile Management (Changing to Group solution, InTune, this year)
- Nessus Pro - Vulnerability Assessment
- Burp Suite
- OWASP Zed Attack Proxy (ZAP)

These are the standards and frameworks:

- ISO 27001
- Cyber Essentials/Cyber Essentials +
- NIST Cybersecurity framework
- CIS Controls
- OWASP
- MITRE ATT&CK
- PTES (Penetration Testing Methodologies and Standards)