Montash have been engaged by a leading FTSE 100 Travel and Tourism retailer to source an Information Security Lead to work on a programme of work across 5 work streams for a 6-month contract. You will work with the different work streams providing security assurance, working alongside another Security Lead, Compliance Coordinator, Head of 3rd Party Assurance and a Project Assurance Analyst.
The role involves a large amount of working with third parties and outsourced parties, so you will need to delve into the way they work and look at SLAs and KPIs as opposed to just making assumptions on timelines. You will need to understand their processes, as some of the areas of the business are not as mature as others.
As an Information Security Lead you will be an expert in Security Project Assurance and will lead the client's effort to further their Security System Assurance against good practice standards from a governance, technical and stakeholder perspective.
Your role will be to manage the security work streams for an Enterprise IT Transformation Programme.
You will be required to document decisions made and standards used, along with ensuring alignment with wider policies and the Information Services Group function.
Stakeholder skills are important as you will regularly be reporting to stakeholders and the wider information security team.
Your primary responsibility will be to advise and report to the Information Security Manager/Program Manager on the status of the projects within the IT Transformation Programme work streams.
The role will involve some travel to Stockholm.
- Good mix of technical skills - hybris being highly desirable with cloud, AWS, encryption etc also good
- Transferable experience on relevant similar projects, i.e. reservations systems, highly transactional ecommerce retail etc.
- Exp of security architecture
- Experience of governance
- Exp on differing operating systems and models
- Previously produced security assessment reports and documented decisions and standards used
- High-level stakeholder liaison and reporting, i.e. Analysts, PMs, BAs, Security Architects etc.
- Able to translate technical detail to non-technical staff
- Worked in a fast-paced environment
- Exp with outsourcing and third parties
- NIST / SANS and OWASP top 10
- Experienced with security aspects of full development lifecycle
- Aware of PCL and DPA
- Able to liaise with commercial / legal teams at times