Job Introduction
Our Information, Systems and Technology (IS&T) team is undergoing an exciting period of change and transformation, so we have opened a new position for a Head of Security, Governance, Architecture and Compliance.
You will lead the Security Governance, Architecture and Compliance domain of the IT & Cyber Security activity in UK & Ireland by orchestrating security risk management, and instilling a culture of security across the organisation.
To be successful in this role, you will oversee key staff (in-house and outsource) working to identify security risks and ensure adequate actions are set up to manage these in various activities (e.g. projects, supply chain, clients, internal control, etc.).
You will also orchestrate a community of security champions across the organisation within the business but also beyond (e.g. subsidiaries), and develop, maintain, and expand the Information Security Management System.
This is an exciting role where you’ll be able to quickly see the benefit and value add that you bring to our organisation, you’ll work with a wide range of stakeholders and technical experts.
This is a work at home role.
Role Responsibility
- Lead and drive the evolution of the Security Governance, Risk and Compliance domain
- Anticipate and identify new people, process and technology needs for the development of the domain
- Contribute to business cases as needed with the support of the Regional CISO
- Establish budget, forecast, and track expenses for the Security Governance, Risk and Compliance domain
- Advise the Regional CISO and IS&T leadership on future investments
- Build relevant KPIs & dashboards for regular review with the IT & Cyber Security leadership, and the IS&T leadership as needed
- Identify knowledge gaps in the team and select appropriate training for upskilling team members
- Ensure a technology watch is performed across the team to keep up with emerging threats and technology in the Security Governance, Risk and Compliance domain
- Manage resource allocation and capacity planning of the team
- Develop and maintain the reputation of the domain as a viable business partner
- Support the Governance of the IT & Cyber Security activity
- Work with the business development, sales and operational teams as appropriate on required client due diligence; help design a more effective process including a self-service process and a library of standard responses
- Manage the Information Security Management System (ISMS) and propose strategies to expand the scope, and maintain the ISO27001 certifications
- Maintain and develop the easy-to-use tools and processes to engage with the IT & Cyber Security activity; and ensure there are communicated to business stakeholders
- Lead the IT & Cyber Security training and awareness programme and strategies to address awareness and training for all stakeholders
- Animate a community of IT security champions across Sodexo, its subsidiaries and specific contracts (e.g. within GEC, STH, i2020, Sodexo Government, etc.) to coordinate security activities transversally
- Work with the IT & Cyber Security Leadership to animate the Cybersecurity Committee
- Implement, maintain, and develop the Cyber Security and IT Compliance risk management programme
- Supervise the definition of the annual internal audit schedule and scoping in conjunction with the Risk & Control function
- Ensure internal controls effectiveness are tested and make recommendations to management for improvements to match Sodexo risk appetite
- Direct the work of the team to ensure IT security is systematically and consistently evaluated, and integrated across the project lifecycle
- Ensure appropriate expertise is provided to projects in achieving implementation of security requirements
- Drive the evolution of the various frameworks, procedures, processes, and directives dictating Sodexo security posture against architecture and technical needs
- Guarantee supplier third party risk is systematically and efficiently assessed, and vetted as needed
- Make sure business risks are surfaced to management and stakeholders when appropriate for formal acceptance
- Contribute to the Business Continuity Plan and associated IT activities (e.g. Disaster Recovery Plan)
|
The Ideal Candidate
- IT degree preferable
- Experience of people management
- Experience of security risk management and compliance
- Experience in financial forecasts, budget, and business planning
- Proficiency in core information security principles (access control, network security, vulnerability management, etc.)
- General knowledge of IT environments and technologies, and data privacy
- Knowledge of one or more security standards (Cyber Essentials, ISO2700x, PCI DSS, etc.)
- Diplomatic with the ability to interact successfully with all levels of the business
- Ability to work in a matrixed organisation and under own initiative
- Ability to translate security requirements and standards into easily understood business concepts and vice versa
- Versatile and ability to adapt quickly to changing contexts
- Rigorous and organised
- Strong-will minded
- Analytical and problem-solving capabilities
- Experience of handling supplier third party risk is a strong plus
- Experience of developing and maintaining an ISMS and obtaining ISO27001 certification is a strong plus
- Experience of developing and maintaining enterprise security awareness and training is a plus
- Experience in public Cloud (Azure, AWS, GCP) is a plus
- Knowledge in security architecture is a plus
- Knowledge of one or more security standards (Cyber Essentials, ISO2700x, PCI DSS, etc.) is a plus
- Knowledge of IT auditing is a plus
|
Package Description
£65,000 - £80,000 + 15% bonus + great benefits
About the Company
In the UK and Ireland, Sodexo employs around 30,000 people, and partners with clients in many sectors across business and industry; schools and universities; sports and leisure; energy and resources; government and agencies; healthcare; justice and defence.
Sodexo’s connected; people-centric approach brings together a diverse range of expertise. The breadth of services it offers ranges from food and hospitality; cleaning; reception; concierge (Circles); security; property management and technical services through to data driven workplace strategy and design (Wx); employee engagement and recognition services (Sodexo Engage) and personal home services through Prestige Nursing + Care and the Good Care Group.
Vital Spaces is Sodexo’s value proposition that puts people at the heart of everything we do, bringing together services and solutions and focusing on the productivity and wellbeing of people wherever they are.
Sodexo is committed to being an inclusive employer; we welcome and encourage applications from people with a diverse variety of experiences, backgrounds and identities.
We’re a Disability Confident Leader employer. We’re committed to changing attitudes towards disability, and making sure disabled people have the chance to fulfil their aspirations.
We are building on our support to the Armed Forces community through the development of specific pathways within our recruitment process to support ex-forces personnel and reservists, those applying for jobs with us who meet the ideal candidate criteria for the role advertised are guaranteed to progress to the selection process
