Key skills
AWSCloudLeadershipCloud Security
About this role
Role Overview
- Working closely with the Governance and Compliance Manager (located in South Yorkshire, UK)
- Working closely with the Head of Information Security (located in North Yorkshire, UK)
- Leading the implementation and the changes required to help CEF to gain ISO27001 and additional certifications (such as ISO42001) as deemed necessary by the business
- Support CEF maintain security certifications (Cyber Essentials, PCI) and support activities to enhance security controls
- Auditing and reviewing security controls, policies and procedures to ensure alignment with current ways of working and best practice
- Undertaking security control gap analysis and proposing strategies to remediate or reduce any observed risks
- Supporting other Governance, Risk and Compliance team members in completing 3rd party supplier activities such as security due diligence reviews and client information security questionnaires
- Working with the Governance and Compliance Manager to foster a culture of continuous security training and upskilling for all CEF team members
- Supporting security governance measures and policies for AWS cloud security
- Working with the Governance and Compliance manager to identify, assess and prioritise potential information and data governance risks and issues across the business (including products, solutions, systems, data, people and processes), and through effective partnering relationships with business leaders, ensure that effective actions and controls are in place to mitigate those risks
Requirements
- Previous experience in an operational information security role, engaging and communicating successfully with senior stakeholders across different business areas to address and ensure information security compliance.
- Previous experience gaining or maintaining ISO27001 certification
- Proven experience of defining the information security policies, controls and processes to manage an organisations’ risk position
- Proven experience of utilising Information Security principles and best practices such as ISO 27001, NIST, NCSC, PCI DSS requirements and other regulatory obligations.
- Experience in risk and vulnerability management
Tech Stack
- AWS
- Cloud
Benefits
- Work from anywhere in the UK – we aim to come together multiple times a year in our office in Durham so you must be willing to travel when required.
- Annual discretionary bonus
- 25 days holiday plus UK bank holidays.
- Company pension scheme.
- Access to Champion Health – the “Netflix of wellbeing”, covering physical, mental and financial wellbeing.
- Access to MySavings Platform, offering discounts and vouchers across groceries, dining out, gym memberships, days out, experiences and travel.
- Access to Light Up Learning, our platform for leadership, technical and personal development.
- Free use of our onsite gym at Janet Nash House, Durham.