Data Protection and Information Security Officer
This job posting expired and applications are no longer accepted.
City Facilities Management Holdings
Published
December 19, 2018
Location
Glasgow, United Kingdom
Job Type
Region
Scotland - Glasgow; England
Sector
Industry and Commerce
Specialism
Internal Audit, Risk and Compliance

Description

Position Overview:

To provide expert and professional information security compliance services to the City Facilities Management Holdings UK (CFMH) Group. This includes contributing towards the evolution of the information security strategy and delivery framework, and consulting to ensure that City’s information security position is well considered and achievable, using a risk-based approach grounded in recognised industry standards, so that City takes a pro-active approach to preventing security breaches.

This role will also be responsible for monitoring compliance with the GDPR and other data protection laws and with our data protection policies, for awareness-raising, and for training needs analysis. You will be the key point of contact for matters arising from Information Security and Data Protection compliance for the CFMH Group.


Principal Tasks and Responsibilities:

  • Contribute towards the evolution of CFMH UK’s information security strategy and delivery framework (policies, security models, standards and procedures)
  • Provide relevant and proportionate advice to CFMH UK Operations Board regarding information security and data protection needs
  • Engage with industry experts to ensure awareness of latest best practice and likely trends with regards to security threats
  • Manage the on-going information security risk catalogue, help identify appropriate mitigation measures and drive their delivery to ensure the security of our information and services with key stakeholders such as the Head of IT Security
  • Liaise with key stakeholders to prioritise security initiatives and spending required to mitigate risks identified and use continuous improvement principles to ensure the evolution of our information security delivery framework
  • Define and manage the annual information security business plan including testing and reviews, risk assessment activities and additions to the information security delivery framework, e.g. policy updates
  • Identify the relevant data protection activities in response to changes in the Data Protection Act such as the EU GDPR
  • Liaise with key stakeholders to prioritise data protection compliance initiatives and spending required to implement
  • Perform security risk assessments to establish proportionate risk for CFMH with a view to advising any relevant enhancements to the information security delivery framework
  • Manage the information security incident response procedure with all relevant parties on behalf of the CFMH Operations Board
  • Implement a regular timetable of information security and data protection compliance monitoring and tests, taking appropriate steps to mitigate any risks discovered
  • Assist with the development of CFMH’s disaster recovery and business continuity plan
  • Advise on IT and non-IT related information security risks identified, working closely with the Head of IT Security and other business areas to ensure that robust plans and enhancements to address these risks are determined and implemented
  • Monthly management reporting to the CFMH UK Operations Board regarding:
    • Performance of the information security annual business plan
    • Residual information security risk and compliance exposure
    • Data protection change activities and compliance monitoring
  • Working with the Risk department to ensure that appropriate information security risks are identified, appropriately recorded and highlighted, where relevant, for discussion within CFMH’s risk forum
  • Initiate, facilitate and promote activities to foster information security and data protection awareness across CFMH UK Group and its suppliers
  • Co-ordinate and drive forward to completion the key tasks in the GDPR project plan
  • Advise on, and monitor, data protection impact assessments
  • Cooperate with the supervisory authority on Data Protection
  • Be the first point of contact for supervisory authorities and for individuals whose data is processed (colleagues, customers etc.)
  • Manage compliance with the GDPR and other data protection laws as well as our data protection policies
  • Manage any activities relating to GDPR compliance such as awareness-raising, training needs analysis, breach management and data protection query resolution
  • Provide assistance in business development bids, PQQs and ITT responses

Candidate Profile:

In order to be considered for this position you will have:

  • Degree-level qualification, or equivalent experience, in Information Security or an IT-related subject
  • Demonstrable knowledge of ISO 27001, Data Protection Legislation and the EU GDPR
  • Knowledge of all areas of information security, such as operations, physical security and IT service
  • Experience in information security governance, policy and procedure definition, project management
  • Commercially aware
  • Excellent verbal and written communication skills
  • Pragmatic and flexible approach
  • Can-do attitude
  • Excellent interpersonal skills

Desirable:

  • CISM or CISSP certified
  • Experience managing 3rd parties
  • PCI-DSS
  • Cyber security essentials
