- Identify deficiencies with security controls via tests, evaluations, assessments & audits.
- Risk-manage exceptions where security gaps/issues are not fully met to ensure risks are owned and decisions recorded.
- Ensuring accountable teams implement compensation controls to minimise impact where security compliance requirements cannot be fully met.
- Support any changes to Security frameworks, laws or standards.
- Respond to both internal & external security queries.
- Provide practical recommendations on security controls where deemed appropriate to the business goals.
- Drive security maturity with improvements where investment or time/effort is proportionate to the level of risk or threat.
- Manage security assurance audits including pre-audit co-ordination & preparation work; assessments during audits; and reporting & tracking remediation work post-audits.
- Knowledge and experience of auditing ISO27001, Cyber Essentials, UK Telecoms Security Act, or any other government security standards highly desirable but not essential.
- Experience and ability to influence stakeholders and manage sensitive discussions is a necessary skill.
- Experience using Governance Risk Compliance (GRC) tools is desirable.
- Risk management experience balancing business goals with security needs.
- Must be able to think and act in the wider risk context rather than just "tick box" compliance.
- Experience of conducting or supporting audits.
Corporate Security Assurance Manager - Newbury, United Kingdom - Vodafone
Description
Location: Newbury+ *Hybrid
Salary: Excellent basic salary plus bonus and Vodafone benefits
Working hours: Full Time
*Hybrid
At Vodafone UK we believe that through collaboration and connection we can achieve great things. Our hybrid working approach allows our people to work both in the office and at home, providing the flexibility and resources you need to succeed in your role. Our "Office in a Box" home working kit will provide you with everything you need, no matter where you are.
Who we are
At Vodafone UK, diversity isn't just a buzzword, it is core to who we are as a company. We're proud to be certified as a Great Place to Work and are committed to driving inclusion for all; creating a workplace that is fully representative of the communities and customers we serve.
Join us at the heart of Vodafone UK in Corporate, one of the central support functions that underpin our business and keep us moving forward. We provide centralised support, expertise and guidance across our UK and Group operations, continuing to build on our success and trailblazing the way to our next stage of digital growth.
What you'll do
Work collaboratively across the business to hold teams responsible for security controls to account, so safeguards satisfy regulatory & certification security compliance that protect Vodafone and our Customers from threats that could compromise the confidentiality, integrity or availability of our assets & services.
Work closely with internal & external stakeholders to maintain & enhance our security controls so that they (1) are aligned to international security standards; (2) meet our customer contract requirements; (3) fulfil our regulatory obligations and (4) support our business goals in 'Customers', 'Growth' & 'Simplicity'.
Customers: Ensure we protect our infrastructure & our customers from security threats, so we retain their trust & confidence by providing guidance on effective & practical security best practices.
Growth: Ensure investment is proportionate & appropriate to the security threats & are aligned with the organisations risk appetite to ensure the business continues to meet its growth targets.
Simplicity: Manage & measure the effectiveness of our security controls by conducting gap analysis, assessments & audits to optimise our safeguards (preferably via automation) that are deemed too complex or ineffective.
Key accountabilities include:
Who you are