Easter Seals Jobs

Job Information

Zonal Retail Data Systems Limited Head of Information Security - Governance & Compliance in Edinburgh, United Kingdom

What you’ll do

Reporting to Zonal’s CISO, you will work within Zonal’s Security team to maintain an ISO 27001 certified ISMS, broadening the scope of the certification across Zonal’s subsidiaries and international territories (as required).

You will be responsible for compliance with the GDPR and for maintaining and growing Zonal’s Cyber Essentials certification, in addition to responding to future strategic compliance investments Zonal chooses to make.

You will also be responsible for driving and supporting Zonal’s PCI DSS Compliance Program to ensure the necessary internal controls, policies and processes are defined, embedded, distributed (via The Local) and operating effectively. You will ensure an effective incident notification and response process is in place and communicate it to the necessary stakeholders.

You will work with internal teams as an internal auditor and trusted advisor, and with customers, responding to their Information Security, Data Protection and PCI audits and enquiries, as well as with auditing bodies for external validation and certification.

We pride ourselves on our ability to engage the business and educate it. We would like you to have a high level of technical ability and share our passion for information security. You’ll work alongside all our departments across all levels, from R&D and Cloud Infrastructure through to HR, Legal, Procurement, Marketing and Sales.

We pride ourselves on being a customer-focused security team, and as such the candidate must have a high degree of customer-facing skill to help ensure we fully support our customers with their security, data and PCI compliance requirements.

Responsibilities will involve:

  • Extensive experience in ISO 27001, including implementation, maintenance, and certification of an ISMS within a technology organisation. ISO 27001 Lead Implementer would be advantageous.

  • Extensive experience in working with external UKAS accredited auditing bodies and managing and owning the external ISO27001 audit programme.

  • Extensive experience as an internal ISMS auditor. ISO 27001 Lead Auditor is desirable.

  • Practical experience in the application of controls and compliance with PCI DSS and Cyber Essentials.

  • Knowledge of relevant IT Security related hardware, software and vendor solutions and the application of best practice security principles to mitigate and manage risk.

  • Good understanding of network protocols and web/mobile secure software development lifecycle with evidence of product design sign off.

  • Extensive experience of working with a diverse and broad range of teams to deliver Information Security requirements into their departments.

  • Experience in implementing and maintaining a PIMS (Privacy Information Management System) for compliance with the GDPR.

  • Experience of working closely with customers, managing their compliance obligations, audits, and due diligence in a timely, organised, and diligent manner.

  • Extremely organised and able to oversee and maintain a complex set of governance processes.

  • Documentation and attention to detail must be copybook correct.

Who you are

This is an ideal role for an experienced and highly diligent ISO 27001 Implementer looking for their next career challenge.

You’ll be hands-on and fully accountable for maintaining and further developing the ISMS throughout all areas of a complex and diverse technology business.

The role is ideally suited to an individual who is passionate about technology, passionate about Information Security and pragmatic in their approach, priding themselves on being an agent of change and getting the job done!

You will be comfortable leading from the front with the support of the CISO to drive best practices and continuous improvement, making decisions based on data trends, metrics and KPIs.

We would like you to have the ability to understand the consequence and relative importance of risk findings within the context of the wider organisation and the customer base.

We expect you to understand the broader threat environment, using this knowledge to articulate and report findings and key risks clearly and concisely.

We need you to be able to deliver key messages to different audiences, from technical development teams to senior non-technical management teams.

Key Skills:

  • 4+ years’ experience working within an information security role with a focus on ISO 27001

  • You will be a self-motivated, logical thinking problem solver who is flexible and adaptive to a very busy work environment.

  • You will be organised and have an inquisitive nature paired with a positive attitude and an eagerness to learn as well as to coach other team members.

  • You will be extremely organised with the ability to manage your time and work effectively.

  • You will be friendly and approachable but authoritative when the situation requires you to be.

  • Ideally you will have a degree in Computer Science or Security, or professional qualifications in ISO* implementation and auditing experience; however, industry experience and evidence of achievements are just as desirable.

  • Experience of implementing and maintaining an ISMS and taking one or more organisations through ISO 27001 certification is mandatory for this role.

Additionally, the following skill areas would be advantageous:

  • ISO 27001 Lead Implementer

  • ISO 27001 Lead Auditor

  • Experience of the following is beneficial:
      • PCI DSS
      • UK Cyber Essentials Plus
      • ISO 27701
      • ISO 27017
      • ISO 9001
      • ISO 22301
      • ISO 20000
      • SOC 1 / SOC 2
      • NIST
      • OWASP

  • Experience of working with the Microsoft Security Suite of products (Microsoft Defender, Purview, Attack Simulation, Threat Intelligence, DLP etc.)

  • Good understanding of information security architecture and penetration testing.

  • Supporting bid and tender processes, reviewing and amending contractual agreements to include security requirements, and conducting supplier due diligence.

  • A good understanding of ethical hacking.

  • Ability to explain findings to non-technical professionals.

  • Excellent report writing and presentation skills.

  • Able to work independently but also as part of a team.

  • Flexibility to change direction and manage conflicting demands.

  • Outstanding organisational and data analytics skills.

What we value

Imagine what it would be like to work at the UK’s leading tech developer to the country’s biggest and best pubs and restaurants. From EPoS to loyalty, CRM to table bookings, stock control, recipe management and BI Reporting giving business-critical insights, our tech includes everything an operator needs to run their hospitality business. Our customer obsession shapes our product roadmap. We bring passion for our customers and dedication to innovation to the everyday.

We are smart, inspiring, forward-thinking people who thrive on building solutions for complex problems. We are very much a family company, not just in name. Zonal people work together and look out for each other. Trusted to be accountable, you’ll find that everyone around you shares a passion for delivering value to our customers and striving to always do better. We provide a flexible working environment with a culture to help everyone achieve their best.
