Chief Information Security Officer - West Malling, United Kingdom - Commercial Services Group

Posted by: Tom O'Connor (beBee Recruiter)


Description

About Commercial Services Group


Commercial Services Group (CSG) is one of the largest providers of public sector and education procurement services globally, with revenues of c£500M, 1800 staff and six trading divisions: Global Education Supplies, Procurement, Energy & Carbon, Community Services, Professional Services and People Services.


Wholly owned by Kent County Council, CSG supports over 15,000 customers in 86 countries and collaborates with a supply chain of c1,000 suppliers.


The Role


The CISO position requires a leader with sound knowledge of business management and a good working knowledge of cybersecurity technologies, who will oversee, and collaborate with, business stakeholders and security teams on a variety of risk management activities.


A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. The CISO will proactively work with business units and ecosystem partners to implement practices that meet agreed policies and standards for information security.

The CISO should understand and articulate the impact of cybersecurity on (digital) business and be able to communicate this to the executive directors and other senior stakeholders.


Key Duties


Develop an information security vision and strategy that is aligned to organizational priorities, enables and facilitates the organization's business objectives, and secures senior stakeholder buy-in.


Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or processed by the organization.


Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.


Design and implement the information security approach, risk-based control framework and operating model in consultation with stakeholders to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.


Ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations.


Act as process owner for the appropriate second-line assurance activities, covering not only confidentiality, integrity and availability but also the safety, privacy and recovery of information owned or processed by the business, in compliance with regulatory requirements.


Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the executive directors as part of a strategic enterprise risk management program which supports business outcomes.

Develop, socialize and coordinate the approval and implementation of security policies.

Work with the procurement teams to ensure that information security requirements are included in contracts.


Direct the creation of targeted information security awareness training programs for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this training for the different audiences.


Coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.


Work effectively with business units to facilitate information security risk assessment and risk management processes and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.


Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.


Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.


Liaise with the enterprise architecture team to build alignment between the security and enterprise architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.

Ensure adherence to best-practice standards and maintain relevant certifications including, but not limited to, ISO 27001, Cyber Essentials Plus, PSN, NHS DSPT and ISO 27701.


Establish and embed an effective Privacy Compliance Framework, working closely with the DPO and Data Protection Leads to ensure the Information Security and Personal Information Management Systems are effectively integrated.


In return, CSG will offer you:

  • 25 days holiday, plus bank holidays
  • Birthday off work
  • Life assurance c
