InfoSec Compliance and Governance Manager

at  Currys

YOU WILL NEED:

• Extensive knowledge of PCI DSS will be required as a large part of this role will focus on the standard.
• A good working knowledge of ISO27001 and or NIST CSF frameworks. Ability to perform audits and a knowledge of auditing techniques.
• An ability to build relationships and communicate effectively with technical, commercial and customer stakeholders.
• Articulate in both verbal and written communication with the ability to make measured arguments.
• Knowledge of key security technologies including vulnerability management, security information and event management, intrusion detection, access auditing etc.

We know our people are the secret to our success. That’s why we’re always looking for ways to reward great work. Alongside 30 days of annual leave (including bank holiday entitlement) and a competitive pension scheme (for permanent colleagues), you’ll find a host of benefits designed to work for you. They include:

• Company bonus
• Hybrid Working
• Company Pension

AS PART OF THIS ROLE, YOU’LL BE RESPONSIBLE FOR:

• Perform assessments across all security processes. Where compliance has been achieved work with stakeholders to ensure that controls continue to be maintained.
• Develop and maintain relationships across Currys to drive the security agenda and stay up to date with developments.
• Support security governance activities across the business. Be able to suggest and work with stakeholders to develop continuous improvement.
• Governance and control is an area of increasing focus within the Currys technology team. This role will be a responsible for driving the governance agenda within InfoSec:
• Perform maturity and capability assessments against NIST and ISO27001/2 and effectively presenting these results of these reviews of technology SLT.
• Create business cases for key compliance goals (NIST/ISO/PCI) and support project management of these programmes.
• Document controls that operate across InfoSec, keeping these updated as capabilities and processes within InfoSec mature and evolve over time.
• Administer the policy and standards exceptions process. Work with SMEs in InfoSec and technology risk functions to link exceptions to risk. Work with SMEs to ensure that Policies and standards are aligned with hardening standards for various technologies.
• Own InfoSec policies and standards, work with SME to update these
  The role will require individual to maintain beneficial internal and external relationships when managing one or more work streams across the information security function, ensuring delivery to the agreed scope, quality, time and budget criteria. They must be proactive in managing associated risks and issues, whilst actively engaging with business and technical stakeholders across the group.