Information Security Engineer
In this exciting and newly created role of Information Security Engineer you’ll drive positive change and innovative thinking into how we develop and design processes, tools and methodologies to improve the overall efficiency of the Security and Compliance team.
You’ll build dashboards and funnels to help drive resource allocation and task prioritisation for the Security and Compliance team. You’ll build complex audit programs to include suppliers, internal functions and system security tests to guarantee information security and regulatory risks are known, understood and remediated when appropriate. You’ll play a pivotal role in strengthening the processes for embedding information security and regulatory requirements and provide cutting-edge information security expertise to projects to ensure appropriate security requirements are considered to control risks.
You’ll need to influence decisions and actions and work with stakeholders from IT and the wider business segments to drive positive change. There will of course be some resistance along the way and you’ll need to manage and overcome it to enable the business to move to more effective and efficient ways of working.
We’re looking for an innovative thinker, a proactive change agent, an influential technical expert who’s passionate, ambitious and looking to make a real impact on a business. This is the type of role that doesn’t come along every day, the type of role which provides you with professional development, career advancement and the opportunity to deliver best practice on such a scale.
You’ll be based in our Salford Data Centre, although some flexible / home working can be accommodated and there will be a need for a small amount of business travel nationally.
Contribute to the Security and Compliance maturity level development and continuous improvement process:
- Develop and maintain processes and tooling to create proper funnels and capture centrally all requests (incidents, projects, due diligence audits, business developments, etc.) submitted to Security and Compliance
- Develop relevant dashboards and KPIs to monitor Security and Compliance activity to support task prioritisation and resource allocation
- Create forecasts on resource consumption to help in decision-making
- Review and propose changes to redevelop processes or procedures to improve overall maturity
Lead the Business Security dimension of Security and Compliance:
- Drive Security and Compliance resource allocation in projects to ensure appropriate coverage
- Support complex projects providing information security requirements and follow-up, in particular by providing secure architecture expertise
- Ensure that the appropriate standards (e.g. compliance requirements), processes and documentation are followed for all projects
- Lead Information Security projects (e.g. deployment of new security appliance) in conjunction with Project Managers
- Design a relevant classification of suppliers and lead the supplier audit program to measure compliancy with contracts and Sodexo information security policy
- Contribute to the redesign of the IT supply chain management process from an end to end perspective starting from data acquisition up to the yearly audit program
- Coordinate meetings and actions with relevant stakeholders to ensure information security and regulatory requirements (e.g. GDPR) are embedded adequately
- Support business development and vendor due diligence activities providing information security expertise to stakeholders
Actively support regulatory compliance efforts:
- Lead the GDPR IT stream, alongside data privacy and information security representatives, prioritising tasks and IT resource allocation for ongoing GDPR related engagements (data collection, audits, response to data subject access requests, etc.)
- Contribute to the update of the systems and data inventory, and related security measures in accordance with GDPR requirements
- Coordinate the PCI DSS compliance efforts, with the business, the QSA and information security representatives, to ensure the scope is maintained under control and certification is achieved
- Support audit engagements to assess security measures in place in systems and compliancy with relevant standards or regulations
The Ideal Candidate
- Proficiency in core information security principles (access control, network security, vulnerability management, etc.)
- General knowledge of IT environments and technologies, data privacy
- Experience in one or several project management methodologies, processes and frameworks (Waterfall, Lean, Scrum, Kanban, etc.)
- Experience in designing enterprise processes and frameworks from scratch
- Experience in security architecture
- Ability to communicate effectively to a wide range of people from various horizons, both written and verbally
- Ability to think out of the box, challenge with humility and propose new ideas
Where we can be flexible:
- Graduate in Information Security
- Experience in Cloud architecture is a plus
- Experience in building security audit programmes
- Experience of GDPR
- Experience of PCI DSS, former QSA is a strong plus
- Knowledge of security standards (ISAE 3402, ISO27001, etc.)
- Ability to prioritise tasks and plan
- Ability to anticipate issues and adjust plan accordingly
- Ability to influence people
- Analytical and problem-solving capabilities
- Rigorous and organised
We also offer the Sodexo Discounts site, promoting discounted mobile phone tariffs and savings across restaurant chains and days out, where you and your family can save money on everything from your weekly food shop to the latest cinema blockbuster and much more.
About the Company
In the UK and Ireland, Sodexo employs some 35,000 employees to deliver integrated facilities management services to clients at over 2,000 locations in the corporate, healthcare, education, leisure, Defence and justice sectors. With an annual turnover of over £1bn, we provide everything from catering, cleaning and reception to security, laboratory and grounds maintenance services, enabling our clients to focus on their core business.
Sodexo and our clients are committed to safeguarding and promoting the welfare of children and adults within a regulated activity. Certain roles will require applicants to undergo screening appropriate to the post, including checks with past employers and the Disclosure and Barring Service (DBS) and/or Disclosure Scotland.
We are building on our support to the Armed Forces community through the development of specific pathways within our recruitment process to further engage ex-forces personnel and reservists. Those applying for roles with us who meet the essential criteria advertised under the ‘ideal candidate’ on the vacancy advertised are guaranteed to progress within the selection process.