Security Manager in London


Location(s): United Kingdom - London
Requisition ID: 152546BR

Job Description

The EMEA Security Manager is responsible for all aspects of information security within the VCE EMEA geography. This includes, but is not limited to, compliance with security policies, awareness and training, and providing an essential and mandatory focal point for client requirements in corporate, public sector and government secure customer verticals. He/she must be DV cleared, or currently SC cleared and able to obtain DV clearance.

The EMEA Security Manager is a liaison and trusted advisor to the VCE business units with specific responsibilities to drive risk identification, remediation and governance programs within the business units in order to reduce risk and impact to VCE. This position focuses on all aspects of security and risk within the VCE business units.

PRINCIPAL DUTIES AND RESPONSIBILITIES
Security Leadership
Experience of assessing and advising on information and commercial risks for secure customer contracts
Strong understanding of the business relevance of information risks and the current trends and developments in information security
Leads the information security audit, compliance and governance regime to ensure compliance with secure customer accreditation, information security regulations, standards and policies
Ability to take a holistic view of security issues and make risk judgements across the relevant scope
Strong understanding of business and technical information security concepts and controls
Experience in writing or updating information assurance operating policies and compliance guidelines
Ability to articulate security advice directly to key VCE stakeholders and interpret that to customers
Provide security expertise to support the sales process including RFP input, customer questionnaires and customer visits as required

Business Process Analysis
Ability to identify information security risks within business processes and then articulate and drive remediation of these risks with relevant IT and business stakeholders
Ability to frame business process improvement in the context of an enterprise-wide view and be able to drive solutions from both a business unit and enterprise perspective

Technical Expertise
Individual should have a thorough understanding of IT security best practices and the ability to effectively apply those practices
Experience with applying IT governance frameworks into a business process including ISO 27002, COBIT, and COSO
Experience with various compliance, privacy, and regulatory standards including Sarbanes-Oxley, SSAE 16, PCI-DSS, ISO 27001, HIPAA, and state privacy laws
Experience designing and implementing GRC architectures and processes is preferred
Other duties as required.

Key Skills
A Professional Certification or qualification in Information Security (CISA, CISMP, CISM, CCP)
Sound practical knowledge of current Information Technology Standards and Techniques (including ISO 27001 series)
Sound practical knowledge of The HMG Security Policy Framework and associated CESG IA Policy Portfolio
Good working knowledge of Data Protection and Freedom of Information legislation and Computer Misuse Act