Our client is one of the most recognisable fitness apparel & accessories brands and online retailers in the UK. Although still a young company, they have been one of the fastest growing brands in the fitness apparel market and have millions of customers and followers from more than 100 countries across the globe.
Currently they are looking for a new Governance & Awareness Lead for their fast growing Cyber Security team.
— MISSION —
As the Governance & Awareness Lead you will be responsible for maintaining and helping improve the company’s Security framework, as well as assisting in the Security Training & Awareness programme for the company’s staff.
— RESPONSIBILITIES —
- Supporting the maintenance and development of the company’s Security Framework.
- Implementing and developing appropriate policies, processes and reports.
- Providing guidance to decision-makers on information security policy and practice.
- Assisting in the development and maintenance of organisational Security Framework, by leading internal & external audits and reviews to safeguard business requirements.
- Facilitating and reviewing externally commissioned security testing (Penetration Tests, Game Days etc.) activities and working with the Infrastructure Security Incident & Threat Lead and relevant stakeholders, to ensure that any deficiencies are promptly resolved.
- Participating in the Incident Management process, assisting in managing incidents relating to information security.
- Promoting the business benefits of information security, including general information security awareness, to the organisation through briefings and other representations.
- Creating and administering the company’s Security Training and Awareness Programme and testing its user base using games and real-life scenarios.
- Working with our internal teams on the selection process when choosing third-party suppliers and/or systems, and producing risk reports highlighting our supply chain risk.
- Remaining up to date with the latest industry standards and announcements to adapt, implement and update existing policy accordingly.
— MAIN REQUIREMENTS —
- Own, or be working towards, an industry-recognised qualification in Cyber/InfraSec.
- At least 3 to 5 years of experience within information security management and/or related functions (such as information security solution design or architecture, IT Audit, IT Controls/Risk Management).
- Formal information security frameworks, such as PCI-DSS, ISO 27001 or NIST Cybersecurity Framework.
- A generally high level of organisational skills.
- Practical work experience in generating reports and management information.
- Solid understanding of relevant technologies and associated technical information security controls.
- An understanding of due diligence processes, as they relate to information security and data privacy.
- Experience in supporting a mid-sized HQ and satellite office user base in all Cyber/InfraSec related questions and queries.
- Experience in organisations that handle large volumes of PII across multiple SaaS systems, integrations and proprietary software.
- Experienced with governance and support for software on cloud infrastructure providers.
- General computer and systems literacy are essential, as is the ability to understand system architecture and information flows.
- Ability to work collaboratively with other team members to deliver immediate tasks.
- A creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.
Please submit your application via the following email address: firstname.lastname@example.org quoting the job title in the subject.