Senior Delivery Manager - Information Security

16 Sep 2017
18 Sep 2017
In a nutshell

Following several years of Digital Transformation, a move to agile ways of working and an operating model that supports multi speed delivery, the Information Security team is looking for a Senior Delivery Manager. The Senior Delivery Manager, reporting to the CISO, is accountable for the successful delivery of a portfolio of projects and the adoption of information security solutions and compliance with security policies, which can be delivered through agile, waterfall or hybrid methodologies. The projects need to deliver business benefit to time, cost and quality, whilst being managed to an acceptable level of risk.

We are looking for an experienced manager who has proven experience of delivering Information Security Capabilities, Tools and Technologies and managing a Team of 6-10 Delivery Managers and their respective teams of technical resources. You'll expand and mature the team's capacity to partner with strategic initiatives and build in security by design. You'll typically be leading the delivery of the Information Security and PCI DSS programmes, whilst taking a smaller, advisory role on others. The Senior Delivery Manager is required to provide leadership, coaching and mentoring to the delivery team to develop a motivated and successful delivery capability with Sainsbury's.

What I need to do

- Act as principal point of contact for delivery within the Information Security function
- Responsibility for the delivery of the Information Security and PCI DSS programmes
- Deliver Information Security Capabilities, Tools and Technologies as per the Security Product Owner Team Roadmap.
- Accountable for the delivery of business benefit through programmes of work to meet the agreed business requirements within time, cost and quality constraints, in accordance with the agreed standards & methods, working with the relevant teams across the business to achieve the desired result
- Ensures that a robust business strategy/business case is developed in conjunction with the business and that the right level of business support and signoff is obtained.
- Ensures all elements of the solution comply with the standards and policies issued by Technology Planning throughout the life of the project
- Responsible for Project Management and Delivery Leadership
- Maintain a programme governance framework which, in turn, delivers the benefits and outcomes needed to meet the vision
- Develop a work breakdown structure (WBS) for the project and achievable plans to deliver the products defined in the WBS and that these are validated by all key stakeholders
- Assemble and maintain a team capable of delivering the programme and its associated benefits, appropriately leveraging internal resources, third-parties, and the business community
- Ensure that the business focuses on developing appropriate acceptance criteria, appropriately testing against functional and non-functional requirements
- Ensure elements of the Sainsbury Operating Model and Project Management Framework are applied as appropriate
- Champion and drive further best practice governance and methods providing feedback to IT Transformation and IT Delivery on the Operating Model and Project Management Framework
- Establish a culture of risk awareness and proactively manage risks and issues
- Ensure robust financial management of the project in accordance with policies
- Responsible for ensuring the best long term value for money is obtained through the delivery of the programme and finalise the commercials for sign off as appropriate
- Develops highly effective relationships with colleagues at all levels in the organisation to deliver the optimal solution, escalating to the Project Sponsor where necessary (providing evaluated recommendations) to ensure the programme is completed to time, cost and quality, while balancing the need to deliver the business benefits and to do so in a way that minimises long-term cost of ownership.
- Ensures key stakeholders remain appropriately informed of the programme's progress
- Responsible for managing, developing and appraising the project team, ensuring teams are highly motivated & focused on delivery (including co-operation/co-ordination across teams on other related projects) while balancing colleagues' career aspirations
- Responsible for quality-assuring the programme against the agreed quality assurance standards, leveraging independent assessments and audit where appropriate
- Regularly reviews the progress of projects and programmes within the portfolio to ensure effective management to the change of requirements, milestones, risks, etc. to improve the efficiency of resources
- Contributes to post-implementation reviews and contributes back to the wider knowledge base of expertise

How I will succeed

- Solutions delivered adhere to the defined Information Security Policies and Standards and Enterprise Architecture standards
- Business benefits are delivered in line with business cases
- Projects/Programmes are delivered on time, at agreed cost and quality, and meet operational resilience requirements at an affordable long-term TCO
- Business satisfaction scores confirm delivery to expectations
- Actual costs in line with budgeted costs: Next period's forecast should be at least 80% accurate
- Colleague Engagement Index

What I need to know

- Educated to degree level desirable but not essential
- Qualified/Certified in Programme/Project Methodologies e.g. Managing Successful Programmes (MSP), PRINCE 2, APM Body of Knowledge etc.
- Knowledge of Information Security Capabilities, Tools and Technologies.
- Track record of applying varying project management, tools, technologies & techniques with expertise in best practice project management methodologies and approaches - including effort estimating techniques, work breakdown planning and project management disciplines
- Understanding of IT architecture, design, development methods, assurance and testing techniques and operational service & support, as well as business change management techniques and best practice
- Experience and knowledge of the IT investment evaluation process, including cost/benefit analysis and estimating IT cost/resources for both defined & undefined initiatives
- Expert in coaching others to constructively challenge situations and to make decisions based on the weeks ahead
- Experience of delivering projects through a variety of methodologies including Agile and Waterfall and can articulate the advantages and disadvantages of these methods in relation to different programmes of work
- Experience in energising and leading the team through enabling them to see how their work impacts the business results and ensuring they remain informed on relevant business information
- Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management, Access Control etc.

What I need to show

- Track record of successfully managing large or complex IT programmes/projects through the full lifecycle (with experience of both agile and waterfall life-cycles) with an ability to manage multiple stakeholders with varying objectives
- Proven record of delivering Information Security Programmes/Projects including, but not limited to the following: SIEM, CASB, DLP, Malware Detection, End Point Protection, MFA, PKI, Incident Response & Forensics etc.
- Ability to challenge/influence business strategy/business case/requirements, and prioritise requirements on the basis of business benefit
- Organised and structured with a strong attention to detail and a demonstrable ability to break down complex problems into phased deliverables
- Ability to recognise the importance of the customer through creating opportunities to talk to customers on a wide scale (highlighting the IT Division's successes) and supporting/enabling decisions to be made based on customer feedback, insights and trends
- Can proactively reflect and challenge when results aren't being achieved and address areas requiring resolution.
- Able to coach others to recognise barriers to success and enables others to manage these issues
- Enables team to work collaboratively with a range of people to support the wider business agenda
- Coaches others to translate complex/technical issues clearly to meet the competency level of the audience

Resources available to me

- CISO for escalation and support
- Information Security Managers and Senior Security Product Owner
- Team of colleagues assigned to Information Security Management structured into five functional areas i.e. Standards & Compliance, Project Assurance, Security Testing, Security Operations and Security Product Owners
- Domain Security Architect, Enterprise and Solution Architects, various Working Groups including Data Governance Committee, Customer, Colleague, Finance etc
- Industry and national bodies
- Delivery Managers
- Delivery Teams
- JS management systems Jira / Clarity etc

What decisions I can make

- Decisions as necessary to ensure successful delivery of the programme
- Sign-off of programme/project plans and deliverables
- Recommendation to stakeholders on system and business readiness
- Recruitment of Delivery Managers and other Delivery Team resources.