IT Security & Governance Analyst
Peterborough - £Neg
- BUPA Cover
- 10% matched pension
- 26 days holiday + Bank holidays
- Company product discounts
A global family of ingredient companies and one of the largest producers and distributors in the world, striving to be the leaders of innovation within the industry. With over 7,000 employees working across 51 plants, a presence in 33 countries and sales in over 90 countries.
You’ll report directly to the Global IS Director and be the central point of contact for all IT Security and Governance related initiatives, activities and compliance globally across the group. You’ll be chairing and managing policy meetings as well as sitting on the change board.
Outcomes / Deliverables:
- Point of contact for IT security; represent the IT Security steering group and liaise with the security operations team.
- Co-ordinate and improve internal IT Security governance – Chair the IT Security Forum and liaise with Finance and IT Leadership teams and with the Board as required.
- Operate and be the Global subject matter expert on the Archer GRC tool; follow-up with countries in the event of deviations in scorecard performance.
- Measure and report on compliance with Policy, security risk identification and development of the security roadmap (improvement plan) and provide clear line of sight of business security risks and progress being made.
- Ensure that security policies are reviewed and maintained.
- Work with the IT security team to develop annual budget and understand country cross-charge model; communicate internally in a timely manner.
- Implement security incident response process.
- Co-ordinate the deployment of security vulnerability management programmes for internal systems & websites and management of the response plan.
- Ensure appropriate focus is placed on patch management activities.
- Co-ordinate new security initiatives into the businesses.
- Oversee delivery of security awareness programme and Scorecards metrics reporting.
- Ensure 3rd party arrangements/contracts have appropriate security controls; ensure relevant security and data handling requirements are considered as part of solutions design and planning activity, including those provided by third parties.
- Raise the profile of security within the organisation by being proactively involved with stakeholders and customers. Provide consultation and/or education as needed and drive the adoption of security as a value add / best practice.
- Facilitate the IS involvement in annual audit, completing all IT compliance – KSAT, Change control, Exception approvals, vendor documentation, Audit prep, etc.
- Build and maintain quality relationships across the IT functions of international businesses and the IT Shared Service Centre.
- Support IT governance for Central and Strategic ERP systems.
- Facilitate IT Change control governance and compliance.
- Ensure that processes are documented by relevant teams and communicated in language that is relevant and understandable to international and/or non-technical audiences.
- Inform, engage or train colleagues on best use of problem and IT change management.
- Lead problem management/change reviews in order to drive improvements.
- Manage the risk of unavailability of services by ensuring that Disaster Recovery and Business continuity planning are considered as part of implementation and change, and that constant review and testing takes place to ensure solutions are effective and meet requirements.
Essential Knowledge & Experience:
- Excellent technical skills gained in an Application/ Infrastructure/ security background; Data management, data security best practices.
- Experience in IT security-related principles. Desirable experience would include:
- ISO 27002 (Information Security)
- Security Incident Management knowledge
- Understanding of vulnerability management.
- Knowledge of security vulnerabilities, advisories, incidents, and penetration techniques.
Key Objectives for First 12 Months
- Develop understanding of the business and the group – complex and diverse
- Develop understanding of company Ways of Working – especially LGL governance
- Develop detailed understanding of IT security program and establish rhythm in delivering communications and support to all local units
- Implement improvements to internal processes to get improved outcomes
- Stakeholder management – identify key stakeholders and develop good working relationships.
For a confidential chat and to find out more please do contact Sam Page at identify Global:
01908 88 60 37