Information Security Compliance Officer

Please Note: The application deadline for this job has now passed.

Job Introduction

Sodexo are looking to hire an exceptional Information Security Compliance Officer to join our brilliant Information Security Team. 

You will manage the delivery of Information Security compliance activities in the UK & Ireland to support Sodexo’s PCI-DSS programme as well as the activities to maintain Sodexo's compliance with Cyber Essentials. 

Role Responsibility

  • Build an annual consolidated Information Security Compliance Programme that gives the business and IT visibility of internal and external Audit & Assurance activity, allowing appropriate demand and resource planning
  • Deliver effective Security Compliance reporting to inform Risk & Issue reporting to the CISO, IT & Business Senior Leadership
  • Ensure Audit & Assurance actions are managed, tracked, and reported through to mitigation

ISO27001

  • Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO27001/2 framework
  • Define requirements for the ISMS, document and implement security policies to develop and maintain the ISMS
  • Run regular audits of the activities on locations covered by the ISMS scope
  • Develop a plan to scale up ISO27001 practices to a wider scope to improve overall security maturity
  • Explore opportunities for consolidation of ISMS where practical and appropriate

PCI-DSS

  • Build and maintain a PCI-DSS compliance programme that provides direction and assurance of operational controls to meet Sodexo’s compliance requirements
  • Support PCI-DSS compliance efforts in performing and/or coordinating information security audits across payment channels / business segments
  • Coordinate and support the PCI-DSS Audit Activity to ensure delivery of the ROC and the AOC

Cyber Essentials +

  • Build and maintain a CE+ compliance framework that provides prioritised and targeted assurance activities
  • Support CE+ compliance efforts in performing and/or coordinating targeted CE+ compliance monitoring across applicable segments and related Sodexo infrastructure
  • Work with internal and external stakeholders to deliver CE+ certifications and recertifications

Information Security Third Party Assurance

  • Manage and maintain questionnaires within the Third Party Risk Management platform used by internal and external stakeholders, enhancing the product and supporting processes where applicable
  • Conduct risk-based information security due diligence activities against vendors to provide appropriate levels of assurance to key stakeholders
  • Enhance Information Security Third Party Assurance processes and engagement activities across IS&T, transversal functions and the wider business

The Ideal Candidate

  • Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation
  • Expert knowledge and practical experience of PCI DSS certification requirements
  • Expert knowledge and practical experience of Cyber Essentials + certification requirements
  • Experience of leading and performing internal or external IT audits
  • Experience of dealing with third party supplier audits
  • Experience of negotiating with stakeholders in designing relevant action plans
  • Experience of comprehensive IT internal audit program design and development
  • General knowledge of IT environments and technologies
  • General Knowledge of Security Architecture or Enterprise Architecture
  • Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
  • Ability to communicate effectively, both in writing and verbally, with a wide range of people from various backgrounds
  • Analytical and problem-solving capabilities
  • Strong-minded
  • Rigorous and organised

Package Description

Competitive Salary + excellent benefits package.

We also offer the Sodexo Discounts site, which promotes discounted mobile phone tariffs and savings across restaurant chains and days out, where you and your family can save money on everything from your weekly food shop to the latest cinema blockbuster, and much more.

About the Company

In the UK and Ireland, Sodexo employs around 30,000 people, and partners with clients in many sectors across business and industry; schools and universities; sports and leisure; energy and resources; government and agencies; healthcare; justice and defence.

Sodexo’s connected, people-centric approach brings together a diverse range of expertise. The breadth of services it offers ranges from food and hospitality; cleaning; reception; concierge (Circles); security; property management and technical services through to data-driven workplace strategy and design (Wx); employee engagement and recognition services (Sodexo Engage); and personal home services through Prestige Nursing + Care and the Good Care Group.

Vital Spaces is Sodexo’s value proposition that puts people at the heart of everything we do, bringing together services and solutions and focusing on the productivity and wellbeing of people wherever they are.

Sodexo is committed to being an inclusive employer; we welcome and encourage applications from people with a diverse variety of experiences, backgrounds and identities.

We’re a Disability Confident Leader employer. We’re committed to changing attitudes towards disability, and making sure disabled people have the chance to fulfil their aspirations. 

We are building on our support for the Armed Forces community through the development of specific pathways within our recruitment process to support ex-forces personnel and reservists. Those applying for jobs with us who meet the ideal candidate criteria for the role advertised are guaranteed to progress to the selection process.
