Head of Information Security
Overview: This is a full-time, permanent role located in either our London or Nottingham office or can be home based. The annual salary is based upon location. London - up to £85,000 DOE, Nottingham - up to £80,000 DOE, Home Based - up to £75,000 DOE including 10% variable bonus and benefits. We are currently running a virtual office for the foreseeable future. Our recruitment drive is continuing with new hires joining us using our remote working capabilities, with all interviews being conducted via Microsoft TEAMS. We ask candidates have access to a webcam for them to be able to attend interviews.
ElectraLink manages complex technology for external stakeholders and to manage its business operations, enabling staff to collaborate effectively. In addition ElectraLink has accountability for the responsible management of large data sets on behalf of the energy market, including data covered by legislation such as GDPR. The security of data and information is therefore a key business priority for ElectraLink.
The Head of Information Security will serve as the business leader responsible for the development, implementation, and management of ElectraLink’s security vision, strategy and programs. They will identify, develop, implement, and maintain security processes across the organisation to reduce risks, respond to incidents, and limit exposure to liability in all areas of information and data security.
In order to achieve the above, the Head of Information Security will remain technically current and appraised of the latest security standards. They will participate in peer led forums / groups and promote security best practice and innovation across ElectraLink, as well as externally to the company.
Nottingham, London or Home Based.
Frequent working with the ElectraLink teams in Nottingham & London Travel to customers’ sites as required. Travel to ElectraLink stakeholders, suppliers & partners as required.
Main purpose of job
Engage with 3rd parties to contract services to provide expertise and capability, sometimes at short notice to support security incident investigation and remediation.
The job holder will work closely with the ElectraLink internal operational and programme delivery teams to ensure that security is properly considered in as part of product or service design and that appropriate security governance, controls and measures are in place to ensure secure day to day operation.
To ensure that Electralink’s data assets are appropriately secured, owning and providing day to day management for all data and information Security systems, applications, policies and processes.
Develop and maintain security standards and procedures for ElectraLink and will define and execute security awareness programs required for staff to follow these standards.
Perform security risk assessments, providing guidance on the implementation of all projects with information security implications across the company.
Implement and maintain KPIs and metrics to allow the monitoring of compliance with security policies and procedures against industry standard/best practice.
Build relationships and maintain a network of external committees and groups, including Intelligence Agencies, national Police Force intelligence specialists and the heads of security within the energy industry; ensuring that information is shared, trends analysed and that the changing security threat landscape for ElectraLink is communicated to the Executive and non-executive management.
- Carry out full security audits (internal and external with relevant suppliers) and ensure compliance and best practice is adhered to.
- Act as a key stakeholder in the identification of cyber security risk and the design and introduction of appropriate controls and mitigation.
- Management of cyber and data security incidents.
- Supporting the implementation of security culture and embedding of security controls into business change and processes.
- Managing security for the allocated business units and teams to ensure programs are delivered and business operations are reviewed to identify high risk processes
- Driving security awareness and education throughout the business units. Win hearts and minds and maintain a security culture
- Supporting Security Solution engagement in Change Programs
Principal Skills and Experience
- Educated to degree level or equivalent and qualified in generalist security disciplines (such as CISSP, CISA or CISM)
- At least 5 years’ experience of working within the security analysis field, gained from working within either the Corporate, Civil Service, MOD, Police or other Non-Government Organisation environment
- Experience of working in a utilities industry or another regulated market would be preferable
- Experience in Data Leakage prevention
- Experience of working with public and/or hybrid cloud environments
- Broad IT security management knowledge, skills and experience – including appropriate tools, processes and policies to maintain cyber security
- Detailed knowledge and understanding of legislative issues (Criminal Law, Health and Safety, Data Protection, Human Rights, Safety, Employment and Equal Opportunities regulations)
- Good understanding of relevant standards (ISO 27001, PAS 99 Management System, NIS Directive, GDPR etc)
- Experience in developing and delivering a organisation-wide security related strategy
- Experience of conducting security based investigations and the management of such inquiries
- Experience of dealing with police and government agencies (e.g. the security services, the ICO, Ofgem) and working in a multi-discipline environment.
- The role holder must be self-motivated, able to work on their own initiative and liaise effectively with professional staff and customers throughout the business
- Excellent time management skills with the ability to work under pressure to tight deadlines
- Excellent inter-personal skills, and with the gravitas to manage, coach and direct personnel at all levels within both the ElectraLink business & external companies
- Proven ability to gain credibility with, persuade and influence Executive, Board and operational managers and other key stakeholders.
- Able to operate calmly and effectively in complex and challenging tasks, such as major or sensitive incidents
- Excellent oral and written communication skills.
How to Apply
Please apply to this position by utilising the “Apply Now” link below. You will be able to apply via email attaching your CV and any other documents you feel might strengthen your application.
Recruitment Privacy Notice
As part of our recruitment process ElectraLink Ltd collects and processes personal data relating to applicants and potential employees. May we request applicants familiarise themselves with the contents of our Recruitment Privacy Notice by utilising this URL https://www.electralink.co.uk/wp-content/uploads/2019/08/Recruitment-Privacy-Notice-v1.pdf