Contract Type
Permanent
Working Hours
Monday to Friday, 08:30-17:00 or 09:00-17:30. A minimum of 37.5 hours per week. Limited travel to external sites will be required. Occasional international travel.
Location
Currently work from home - transitioning to Chorley office
Department
Information Security

Summary

We are an innovative and market-leading software & services company based in Chorley, serving clients in the utility sector ranging from new entrants to large existing suppliers. We deliver sophisticated software solutions and managed services in a Private Cloud infrastructure, servicing both traditional and modern real-time, smart energy clients.

Responsibilities

  • Implement Governance, Cyber Security and Privacy frameworks to meet legal and regulatory requirements.
  • Provide leadership for the development of modern cyber security, governance, policies and standards which are relevant and achievable.
  • Liaise with Company leadership to ensure alignment of Cyber Security and compliance initiatives with business objectives.
  • Foster the execution of cyber security as a business enabler.
  • Create and design overarching policies such as the corporate compliance policy, security compliance and risk policy, product security policy, information security policy, security audit and change policy, corporate audit and change policy and any other relevant policy.
  • Ensure sub-policies, processes and procedures are aligned with corporate guidelines and regularly reviewed.
  • Create and manage a corporate compliance register, supplier register, contract register & risk register ensuring alignment with departmental versions.
  • Create and manage a corporate governance pack that will formalise risks, document control, processes, objectives etc.
  • Take part in and monitor external audits and surveys including ISO and Denison.
  • Perform regular information audits across the business ensuring compliance with GDPR/PECR.
  • Represent ESG Global (Energy) Ltd at tech events, industry forums and government bodies.
  • Analyse the changing market environment and ensure product roadmaps are aligned with governance and security requirements.
  • Assist with the internal SDLC processes and monitor any issues, vulnerabilities or compliance notifications in development, creating adequate quality gates to monitor products.
  • Ensure Open Source Governance Standards are maintained, licences reviewed, and obligations fulfilled.
  • Monitor the external threat landscape and produce reports detailing the risks to the business.
  • Ensure BCDR Plans have been created and are regularly tested.
  • Monitor patch releases and ensure IT and Service Ops are kept up to date on any risks.
  • Ensure Pen Testing takes place to highlight any security issues with products and manage any remediation activities that need to occur.
  • Perform security audits, BCDR audits, risk assessments and change reviews, identifying any areas for improvement and managing the remediation activities.
  • Set up and maintain an internal audit programme ensuring company-wide oversight.
  • Act as the company's Data Protection Officer.
  • Manage and mentor a team of security and compliance practitioners.

About You

  • Working to tight deadlines.
  • Analytical thinking and attention to detail.
  • Good communication skills, both written and verbal.
  • Must be able to work independently and as part of a team communicating with all levels of staff.

Qualifications, Attributes and Experience

  • Appropriate certifications in security (CISSP, CISA, CISM, and risk management etc.).
  • Demonstrable leadership and personnel skills.
  • Solid experience in security leadership roles.

ISO Awareness

  • ISO Responsibilities
  • ISO Staff Awareness
  • Follow IMS Policies
  • Reporting of Incidents