Head of Cyber Security & Risk - 12 MONTH FTC

Wincanton

  • Chippenham, Wiltshire
  • Permanent
  • Full-time
  • 28 days ago
Job Description:
Duties and responsibilities:
  • Understands our business, regulatory and contractual requirements for the use of information technology and information security
  • Ensures our corporate IT risk appetite and exposure is understood, articulated, documented and communicated. Continually identifies, evaluates, assesses, directs, monitors and reduces IT-related risk to within tolerance levels
  • Ensures our business, IT systems and suppliers have appropriate controls to protect information in line with risk appetite and security strategy, and to meet obligations
  • Defines, develops, delivers and maintains the IT governance framework, which outlines clear responsibilities for the delivery of our organisation's mission, goals and objectives
  • Defines IT security strategy and establishes the supporting Information Security Management System
  • Defines IT business continuity strategy and establishes the supporting Business Continuity Management System, ensuring appropriate continuity of IT services in the event of disruption
  • Supports innovation efforts and ensures that prospective solutions and suppliers meet our obligations
  • Supports data architecture and data quality improvement efforts
Typical Outputs:
  • IT security strategy, policies and standards to meet regulatory obligations and business requirements
  • Audit Committee, Risk Management Committee and PLC board reports and advisories
  • Employee training and awareness programmes to improve operational behaviour and shape culture
  • Strategic and operational risk assessments, control strategies and executive risk acceptance
  • Current and prospective customer engagement regarding information and cyber security
  • Good practice dissemination including frameworks and standards
  • Audit remediation steering, change delivery and evidence provision
  • Operational governance (Information Security Forum, Operation Security Forum etc.)
  • Information technology and security measurement
  • Simulation and testing to assess, identify and improve controls
  • Supplier and customer risk-assessments and contract reviews
Experience, skills and attributes:
  • Minimum of 10 years' broad information technology experience
  • Minimum of 10 years' information security experience in domains including security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations and software development security
  • Appropriate information security accreditations such as CISSP, CISM, CRISC, CISA and CGEIT
  • Strong knowledge of formal methodologies such as COBIT, ISO27001 & 2, TOGAF, SABSA, ITIL and NIST
  • Knowledge of regulatory obligations pertaining to information technology and security
  • Experience in logistics and of supply chain technologies beneficial
  • Strong interpersonal skills in areas such as teamwork, facilitation and negotiation
  • Excellent analytical and technical skills
  • Excellent communication and influencing skills
  • Experience of working in matrix organizations
Our Commitment:
Our people are our most important asset and as such we are continuously expanding our capability programs to provide you with opportunities to build and extend your professional, functional, and management skills. Your development through coaching is our priority. Continuous learning takes place through a broad variety of opportunities and types of engagements. Access to the latest technological innovations in the logistics and supply chain industry, as well as Wincanton's deep knowledge and expertise in our field, constitute a superb platform for your professional development.
