Location – St Albans
We are currently looking for an experienced Information Security Manager to join our Technology department. This role will be responsible for the Information Security Policy, ensuring that we are abreast of the latest security threats that could impact our business and relevant risk actions that we may need to take.
Sky IQ currently work within BSkyB and a select number of FTSE 100 companies providing world class consumer insight and customer management solutions. We are familiar with the challenges organisations face as they look to better understand their customers and provide software and services that turn this understanding into action that improves marketing effectiveness and business performance.
The key responsibilities will include;
• Identify current risk position for Sky IQ, recognising and managing potential exposures in order to minimise Information Security risks.
• Create, manage & review exceptions to Policy, confirming risk statements in order to assess action plans adequately and address the risks identified.
• Perform security risk assessments and provide specialist Information Security input to support major change programmes, ensuring recommendations & compliance with appropriate solutions.
• Ensure risks are properly evaluated and recorded, including mitigating action plans which must be monitored to completion.
• Escalate where appropriate any failures to comply with Information security controls in application/system implementation.
• Ensuring Sky IQ continue to review the current market place in respect to threats and technology developments.
• Support our legal and commercial teams in drawing up client contracts, specifically covering security schedules.
• Acting as Sky IQ’s Information Security point-of-contact within the BSkyB group.
The successful candidate will possess the following;
• Specialist knowledge of Information Security risk assessment and control management.
• A working knowledge of the ISO27000 series and how to apply it within an agile organisation.
• In-depth IT and Information Security knowledge and experience.
• Knowledge of the legal and regulatory environment (e.g. ICO).
• Experience of a Security and Risk function.
• Proven track record of performing a similar role in the following environments:
o TCP/IP networks
o Penetration Testing
o Malware mitigation
o Authentication techniques
o Application Security
• Security industry certification such as CISSP, CISM, CISA is preferred.