Information Security OfficerReports to:
Chief Information Security OfficerDepartment:
Information Security / TechnologyLocation:
London / LeedsDEPARTMENT DESCRIPTION
The Technology department is led by the Technology Director who reports to the Chief Operating Officer.
The Technology Department is charged with:
- Development, communication and execution of the company’s Technology Strategy, Governance processes, Architectural guidelines, and Risk management
- Change delivery for Platforms, Systems and Processes, supporting our business verticals
- Provision of secure, efficient and high-quality IT and Broadcast services
Driven by the Channel’s Future4 strategy, our business is undergoing an accelerated digital transformation. To deliver this future, Channel 4 are refreshing the operating model of the technology team. The operating model is aligned with the four key areas of Channel 4’s business, Content; Marketing and Viewer Experience (incl. All 4); Commercial; and Operations (incl. ERP), each having a technology leader embedded alongside the business leader.
These business orientated units will be supported by a strong central function that provides leadership and services through Strategy, Architecture & Data, Service Management, and Governance Risk & Compliance. JOB PURPOSE
The purpose of the role is to assist the CISO in the running of the cyber security department, which looks after the confidentiality, Integrity and Availability of Channel 4’s assets. The individual will oversee security projects, manage the Cyber Security risk register and ISO27001/NIST compliance activities, as well as help produce the cyber security strategy designed to support Channel 4’s commitment to its corporate Digital strategy. Part of the role is to liaise closely with the operational teams and assist to ensure security related requirements are met on an ongoing basis. The role will also include responsibility to assist as a mentor to other members of the team and contribute towards the company’s apprentice scheme.KEY RESPONSIBILITIES
ESSENTIAL EXPERIENCE & SKILLS
- Provide subject matter expertise and strategic advice on cyber security issues affecting the organisation, by identifying potential exposures, and conducting reviews to ensure that undesirable effects are detected, mitigated and/or corrected, and providing pragmatic advice for suppliers and internal employees to ensure that cyber risks are managed appropriately.
- Take a proactive approach to identify gaps and opportunities for improvement to mitigate Technology risk and threat.
- Support operational security activities including oversight of ongoing specific security processes (e.g., incident response, ad hoc queries, periodic access reviews, and vulnerability management).
- When applicable, discusses designed solutions beforehand with the technology architects to mitigate information risk.
- Align Information security and Privacy technical measures to business needs.
- Assess, highlight, and help manage Risk across Technology from an information security and cybersecurity perspective.
- Evaluate and highlight privacy requirements in any Technology project and existing operations, assisting in defining and managing the reduction of potential exposure.
- Create and maintain up to date Configuration Standards and Security Procedures and ensure such standards and operational procedures are known and well applied by the interested people.
- Update knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organisations.
DESIRABLE EXPERIENCE AND SKILLS
- Awareness of standards frameworks:
- ISO27001, NIST, CIS, COBIT, GDPR
- Expertise in information security knowledge and delivery
- Experience of successfully delivering in a similar level role
- Experience of the full software development delivery lifecycle for technology projects from requirements to retirement
- Experience of working on projects and liaising / providing technical input to projects in a timely fashion
- Communications skills, with the ability to present ideas verbally and in writing
- Collaboration skills, with the ability to win trust and gain input from stakeholders, 3rd parties and colleagues
- An ability to multi-task and prioritise across several concurrent projects and activities
- Demonstrates a willingness to share, be open and provide input to others’ needs
- Demonstrates a passion for improving process and driving forward efficiency improvements
- Proven analytical thinking skills with strong problem-solving ability and a focus on getting things done
- Creative with the ability to think outside the box and challenge the status quo
- Aligned to and passionate about the Future4 strategy https://annualreport.channel4.com/
- Will take ownership of a problem, and knows when to escalate
- Stakeholder management and engagement
- Relationship management and engagement
- Ability to build teams and mentor colleagues, to be a facilitator when required
- Ability to see the bigger picture
- Ability to maintain composure under pressure
- Ability to pick the right communication channel for the audience, and present in engaging and persuasive manner
- Attention to detail, with the ability to understand and relay complex matters
- Ability to see opportunity, propose a solution and shape implementation
- Able to effectively deal with changing priorities or obstacles and to provide alternative options or solutions
- Logical thinker with the ability to triage problems independently.
- A customer service orientation