The Manager of Information Security will have significant responsibilities including coordinating the design, development, maintenance, and exercising (testing) of the information security plans, general policies and overall compliance. You will be the point of reference for all policy, information security, risk and compliance related matters within EDF Energy and will represent EDF Energy on this subject as part of recognised industry bodies or user communities. You'll advise and recommend appropriate solutions in support of any changes to the IT estate and where appropriate seek guidance from your superior as well as leadership and senior leadership within the company.
The Manager of Information Security will play a leading role in defining, developing and delivering the function across the entire CIO function, to achieve excellence delivered at optimum cost and integrity. When required, the post holder will also deputise for the Head of Strategy and Architecture.
Management and leadership of staff within the SGRC function to ensure that staff are performing duties in a manner to support company ambitions, values and goals
Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of internal controls, risk management, policy compliance and information security to ensure support within EDF Energy;
Liaises with, and offers strategic direction to, related governance functions (such as Physical Security/Facilities, Property Services, 2012, Risk Management, IT Operations, Enterprise & Corporate Change, HR, Legal and Compliance)
Continually monitors for sources of new internal and external threats to IT Security and, where appropriate, raises these for management attention and corrective mitigating action to ensure the security of company information assets
Forms a "centre of excellence" for information security, risk and compliance management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively. This is done to ensure a consistent and excellent level of compliance across the whole of the company
Leads or commissions the preparation and authorises the implementation of necessary information security and general policies, standards, procedures and guidelines, in conjunction with the Security Committee and company policy boards to ensure compliance in all aspects of information management
Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations;
Works with operational managers to maintain a central register of visibility for technical updates such as patching, service packs, etc. Also ensures that such operational managers are aware of industry best practices. Note that operational managers would also include 3rd parties managing the IT landscape on behalf of EDF Energy. Done to ensure overall compliance in all aspects of IT controls
Accountable for the company's overall security investigative capability and analysis, including forensics. This is a significant responsibility and requires a high degree of knowledge and specialism as well as expertise and communication skills, with likely liaison with police, internal and external legal counsel
To be considered as our next Manager of Information Security you will possess:
Critical
MSc, CISSP or CISM accreditation
Background in the workings of an IT department e.g. computer operations, operations analysis, systems programming, networking, and database administration
An understanding of business functions, the relative criticality of software applications aligned to business functions, and the relationships between software applications and hardware platforms
Thorough knowledge and understanding of current disaster recovery planning techniques and technologies as well as the methods used in performing risk analyses and business impact analyses
Working knowledge of data processing in order to assist in the preparation of recovery procedures in this area
Working knowledge of applications, data and voice telecommunications in order to assist in the preparation of recovery procedures in this area
Good or working knowledge of COBIT and ITIL Frameworks
Commercial & General
Ability to communicate effectively to C-level company members as well as senior leaders at EDF Group level
Strong financial acumen, effective at planning, budgeting and with a strong commercial understanding
Excellent commercial awareness and extensive experience in dealing with suppliers;
Track record of delivering change to organisational processes, and possess a clear vision of the philosophy and culture needed in the organisation to transform the effectiveness of IT projects and operations
Well-developed awareness and understanding of service models, technology and strategic direction;
Strong industry knowledge of system integrators & 3rd party services;
Demonstrable record of operational and project delivery;
An understanding of the technical, contractual, financial and operational facets, with prior experience in at least one of the technical areas.
EDF Energy has the Gold Standard for Diversity & Inclusion and continues to operate a Final Salary Pension Scheme. Apply now to become part of a sustainable energy future.