Standards and Compliance Team Lead

Coventry Walsgrave Triangle
12 Apr 2018
17 Apr 2018
Contract Type
Full Time
Leading and managing the Standards and Compliance Team on the creation, review and delivery of Information Security Standards and Compliance. The team has two main functions: first, creating documentation, reviewing existing and new technologies and educating colleagues on the best security practices for Sainsbury's; second, identifying and assuring the variety of Business Partners who hold Sainsbury's data, along with internal audits for compliance in line with ISO 27001, PCI DSS and the General Data Protection Regulation (GDPR). Includes ensuring adherence to Policy, Standards, Legislation and Regulation and the performance of other administrative duties relating to Information Security Management.

What I need to do
- Lead and manage your team of Information Security Analysts, including direct line management, technical management, training, professional development and discipline
- Create, Review, Investigate and Educate on technologies new to and used by Sainsbury's and define Security Standards for governing their employment
- Investigate, Audit and Educate Sainsbury's Internal Business teams and Business Partners for Compliance against ISO 27001 and PCI DSS
- Support the development of Sainsbury's Policy on Information Security
- Identify and manage the risk relating to Business Partners that share Sainsbury's information and interact with Sainsbury's technologies
- Support Sainsbury's Data Governance in protecting Sainsbury's information
- Deliver high quality Reports, Presentations, Processes, Procedures and Risk Assessments to all levels within Sainsbury's and its associated Business Partners
- Lead and contribute to Continual Process Improvement
- Provide sound analysis-based decision making using Information Security best practice as your guide
- Multi-task and lead or support a number of different tasks simultaneously
- Deliver high quality work to meet Sainsbury's expectations and business needs
- Have a keen interest in security and thrive on complex challenges
- Be self-motivated and motivate others, keeping morale and performance high
- Maintain Professional Development
- Support other Information Security related tasks as required
- Have involvement with all Information Security functions including Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their processes
- Perform rotational on-call duty for out-of-hours second line response for Security Operations Centre Incident Management

How I will succeed
- Effectively lead and manage your team
- Delivery of a professional Information Security service to Colleagues and Customers
- Accurate management of Assessments and Audits
- Successful completion of allocated tasks
- Compliance with Sainsbury's Information Security Standards
- Recognition as an Information Security professional
- Continuous Personal Development
- Keeping up to date with latest industry knowledge and trends
- Excellent feedback from customers
- Talkback 360 degree feedback from colleagues

What I need to know
- Degree (Preferred) or relevant industry experience - Essential
- Professional Security qualification (Current CISSP or CISM preferred)
- ISO 27001 Lead Auditor or Lead Implementer qualification
- Knowledge of Data Protection Act and PCI DSS
- Knowledge of General Data Protection Regulation (GDPR)
- Knowledge of the principles of Information Security in a commercial environment
- Understanding of network architecture, protocols and principles
- Understanding of Security Risk Analysis techniques

What I need to show
- Leadership and Team Management skills
- Soft skills
- Development of Standards and Policies
- Auditing of Infrastructure, Applications and Processes to ensure they are secure
- Works collaboratively with a range of people to support the wider business agenda
- Process Improvement and Design
- Information Security related knowledge and experience
- Methodical and logical thinking
- Oral and written communication skills

Resources available to me
- Software licences, hardware, documentation and management tools of relevance to the role
- 3rd Party service providers (as appropriate)
- A dedicated team to deliver tasks and responsibilities
- Cloud Security Tool
- Network and Infrastructure Support
- The Information Security team
- Proactive Management team

What decisions I can make
- Team management and leadership
- Collaboration on team recruitment
- Significant freedom to contribute to the design and operation of within-team processes
- Process improvement