Details:
- Salary: £700 - 1,000 - Day
- Location: London
- Date: 1 month ago
Description:
Head of Cyber Security, Risk & Controls
Location: Remote (Occasional travel to London)
Contract: Inside IR35
Day rate: Up to £1000 per day
Duration: 6 Months
Start date: ASAP
We have an opportunity with one of the UK’s biggest Retailers who have a network of branches nationwide.
The role of Head of Cyber Security, Risk & Controls is a key role within the team responsible for ensuring that the security and integrity of the on-premise platform can be relied on by their workers.
Principal accountabilities
• Operate as the subject matter expert for Security Controls for the IT team in the triage, investigation, remediation, audit and assurance.
• Create security controls related designs that align to IT security standards and architectures within the organization.
• Assure and audit the development/configuration activities done by third parties and audit existing design and configuration of Security Controls, engaging with third parties to undertake this work as appropriate e.g. Specialist technical/security partner.
• Govern security control designs and updates to the Platform, working with broader IT and business teams as required.
• Advise on development and testing of IT security control changes, providing expert knowledge to support decision making and ensure all involved parties are aware of the access control considerations.
• Understand the business and technical needs for security controls, and support the application of these through challenge, feedback, and audit
Knowledge, experience and skills
• Ideally CISSP or other similar security qualification
• Experience of ITIL (in particular Incident Management and Major Incident Management)
• Extensive knowledge of IT security controls technical and process best practice including current frameworks and standards such as ISO27001 and COBIT.
• Demonstrable skills in leading the design and implementation of Security Controls for environments with complex IT systems with high security requirements.
• Experience of undertaking technical audit and assurance work, ideally within a regulated environment
• Practiced at managing technology issues and risks able to deliver a responsive, reliable, manageable and secure technology solution