Develops the annual Security Plan for Redberry and manages the “Security as a Service” supplier relationships, deliverables and budgets
As security program manager, tracks and provides periodic reporting on the status of all information security initiatives in the company
Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in line with Redberry’s global policies
Leads and mentors a team of 25-30 Networking and Windows Administrators providing Remote Infrastructure Support for our clients
Performance of security & data protection audits on suppliers and applicable partners
Respond to security and data protection audits performed by clients and partners
Monitor Disaster recovery, Business Continuity Planning and Backup Activities
Review, assessment & sign-off on proposed technical changes that impact security & risk profile and communicate risk to the business
Manage security incidents, including follow-on enforcement and prevention activities.
Manage supplier relationships, deliverables and budgets for external security services
Works with stakeholder groups (business or global product) to identify network & information security requirements and ensure compliance with all data protection and security requirements, legal and self-regulatory requirements, industry standards and best practice methodologies
Owns and oversees delivery of approved security initiatives and works with project managers to ensure acceptable delivery of security solutions
Reports and communicates status of all issues concerning information security throughout all business units within the geographic region, and provides periodic notification to Business Owners
Tracks and reports on information security budget including security resourcing/capacity plan for the region and provides forecasted and actual updates monthly
Leads or commissions information security risk assessments and controls selection activities
Identifies required information security skill set and engages and manages information security consultants to ensure delivery of security requirements in projects and oversees performance, budget and quality delivery
In line with global security direction, works with Architecture to provide security input to proposed architectures. Accepts proposed security solutions occurring in or affecting the geographic region
Oversees and supports the delivery of compliance monitoring performed by the Network Center of Excellence
Requirements:
The candidate should have experience of data protection, security, risk and compliance related matters - preferably gained within a regulated and/or marketing services environment
Building and deploying effective data protection, cyber-security and Information Security Management processes from a starting point, as well as their ongoing management, review, audit and enforcement
Compliance in organizations that rely on a partially outsourced model
Managing and reporting on budgets including forecasts and actuals
Working and managing security service providers including forecasting capacity requirements based on delivery plans and ensuring quality of deliverables
Building business cases for security investment
Communicating with and reporting to senior management and articulating security risks
Demonstrated program and project management skills, including defining milestones and producing work-back schedules (WBS) to achieve milestones (date and deliverable) and reporting on program status
Proactive and hands-on approach
A thorough knowledge of the practical application of Data Protection and Privacy and Electronic Communication laws
ITIL / COBIT qualified
Knowledge of application security and secure SDLC best practices
Being conversant with security best practice including BS27001/ISO27001 - ideally have authored corporate security policies as well as specific technology security policies such as PCI DSS
Excellent communication, negotiation and presentation skills
Experience engaging senior IT and business personnel to achieve a common goal
Demonstrated ability to work in multi-disciplinary and geographically dispersed teams
Leadership/management experience
Additional Qualifications (Desirable)
Experience in technology product development and deployment
Principles of good security design
CISM/CISSP qualified
BS27001/ISO27001 conversant
Familiar with generic IT audit practices/methodologies
Experience in dealing with outsourced hosting and development partners
Experience in security / fraud investigations
Audit and compliance activity in a regulated industry (e.g. Financial Services)