Head of Service Security

Livestock Information Ltd

💵 $78k-$84k
📍Remote - United Kingdom

Summary

Join Livestock Information Ltd as their Head of Service Security and play a vital role in safeguarding their digital assets. This pivotal role involves advising senior leadership on security practices, refining their ISO27001:2022 security management system, and leading their Cyber Security Operations Centre. You will leverage your expertise in Microsoft Azure and secure development lifecycles to stay ahead of emerging threats. The position requires a blend of technical skills, strategic thinking, and leadership. A competitive salary of £60,000-£65,000 is offered, along with a fully remote and flexible working setup and other attractive benefits.

Requirements

  • Substantial experience of engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and including director level
  • A track record of senior management in a complex IT organisation encompassing service delivery, application development and cloud infrastructure and PaaS services, SIEM and CSOC
  • Experience of Microsoft Cloud Adoption Framework, Zero Trust Architecture, and Microsoft Cybersecurity Reference Architectures
  • Good understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats
  • Hands-on practical experience in designing, building, testing and delivering transformational security improvements across an organisation
  • An excellent understanding of best practice within Information Security and risk management including standards such as NIST, CIS, Cyber Essentials, ISO/IEC 27001, ISO 27005, ISO31000
  • Experience of Business Continuity Management, Disaster Recovery Management and Service Continuity Management
  • Experience of operating within a Cyber Essentials Plus environment, ideally with experience of gaining this accreditation
  • Experience of operating in a service management framework or standard such as ITIL V4 or ISO20000
  • An excellent understanding of legislation and regulations that impact Information Security, e.g. UK Data Protection Act and GDPR, Government Cyber Security Strategy and GovAssure

Responsibilities

  • Operating and maintaining a business-aligned information security strategy and operating model
  • Operating, improving and monitoring an ISO27001:2022 information security management system including policies, standards, principles and controls including management practices and technical security measures
  • Providing advice and direction to the organisation’s development teams, in the integration of security practices into Secure Development Lifecycle processes
  • Reporting to the organisation’s senior leadership team on information and cyber risks, mitigation strategies, compensating controls, cost benefit analysis and emergent threats
  • Ensuring that information security risks to the organisation which are presented through suppliers and delivery partners are identified and managed appropriately
  • Ensuring Information Security is managed effectively throughout the IT service delivery lifecycle (including Security Operations, Security Architecture and Security Assurance)
  • Third party management with third party application development partners
  • Running, operating and reporting on LI’s internal Cyber Security Operations Centre (CSOC), SIEM, threat hunting, vulnerability management and Cyber Threat Intelligence
  • Supporting the organisation’s Service Continuity Plans and Disaster Recovery Plans
  • Driving development and delivery of measures and metrics to support the assessment, reporting and ongoing improvement of the information security posture
  • Working closely with internal stakeholders and business units to keep abreast of planned changes to technologies, working practices, and business activities that could have an impact on the organisation’s information security or risk profile
  • Supporting and promoting an appropriate level of information security culture and awareness across the organisation
  • Driving investigations into information security breaches and pursuing associated disciplinary and legal matters, liaising with the Data Protection Officer on data protection legislation, ensuring root causes of such breaches are understood and addressed
  • Maintaining and developing the organisation’s Information Asset Register in collaboration with Information Asset Owners, coordinators and other stakeholders across the organisation
  • You may be required to undertake other duties assigned by your line manager as appropriate

Benefits

  • A fully remote and flexible working set up
  • 33 days annual leave, inclusive of Bank Holidays
  • 4 x annual salary Life Assurance
  • Market leading pension scheme through Legal & General
  • Enhanced Family Friendly Policies
  • Excellent learning, training, and career development opportunities
  • 24/7 access to our Employee Assistance Programme
  • A diverse and inclusive culture where everyone is respected and valued
