IT

The Purpose of the Role

Under the management of the Senior Cyber Security Compliance Manager, the Cyber Security Compliance Manager is responsible for maintaining the Cyber Security policy and standard suite and ensuring alignment with the controls in our GRC tool.
They are responsible for the annual review and update of the ISMS documentation and the POL security policies and standards. Furthermore, the role requires subject matter expertise in the maintenance of an information security management system and in the underlying components of running an ongoing security awareness campaign: the Cyber Security Compliance Manager will be accountable for planning the annual security awareness campaign as well as executing the associated communication plan.
The Cyber Security Compliance Manager is also responsible for managing third party assurance.
They will be conducting cyber security reviews on suppliers, contract reviews on existing and new third parties and providing security attestations to internal and external contacts when required.
For this, establishing good relationships with adjacent teams such as Procurement, wider Cyber and IT is necessary.
In addition, they will be required to independently support and advise ongoing projects running in the PostOffice and to support reviews of external suppliers.
Some technical experience and good knowledge of Cyber security and Information Assurance are required.
Flexibility within this role is essential due to the diverse nature of PostOffice's business.
Working cohesively with other members of the wider IT Security, IT, Risk and Compliance and Data Protection teams is essential.
As part of the Cyber Security Compliance team, the role requires cohesive and supportive relationships to be developed both within and outside of the team.
The role will support the function to build a successful brand and be known as a 'go-to' team for all matters relating to information security compliance.
This is an excellent opportunity for candidates who want to bridge the gap between technical security management and the business side of information security assurance.
Principal Accountabilities

• Maintain the Cyber Security Policy and Standard set to ensure that it is kept up to date and change control applied.
These documents would also need to be uploaded to the intranet site and changes communicated both internally and to our suppliers.
• Manage changes to the scope of the ISMS based on business needs, providing our clients, partners and suppliers with assurance of our security governance.
• Identify shortfalls within business processes and advise the business on the resolution along with the appropriate timescales.
• Conduct cyber risk assessments, both rapid and in depth, for third parties, depending on business needs.
• Lead and maintain the mitigation plans for the various third parties that ensure compliance with POL policies and standards.
• Conduct contract reviews for ongoing and new suppliers.
• Relationship management with leaders of other functions and business units.
• Manage and deliver the ongoing Security Awareness Campaign and define its value through metrics, both for the back office and within the branches.
• Support business areas in developing a positive security culture.
• Be visible to PostOffice staff and stakeholders, regularly undertaking activities to build trust with people involved in security, demonstrate insight and knowledge, and add value.
• Escalate issues to the Head of Cyber Security Compliance.
• Support supplier reviews and internal PostOffice projects, which will feed into the supplier management framework to assess suppliers against a maturity scale.
Qualifications, Experience & Skills

• Experience in cyber security, information security, IT security or a similar area.
• Qualifications such as CISM, CISA, CISSP, CRISC are desirable.
• Experience creating treatment plans and reporting on findings.
• Experience conducting contract reviews.
• Understanding of cyber security threats, vulnerabilities and their impact on systems and the various environments within the organisation.
• Deep understanding of security control standards such as ISO27002, NIST CSF, COBIT, etc.
• Strong Information Security knowledge (preferably with at least 5 years of experience).
• Knowledge of ISO27001, ISMS, Cyber Essentials Plus and ISO22301 Business Continuity.
• Practical and current knowledge of information security threats, countermeasures, mitigation and industry best practices.
• Experience of implementing a security awareness and culture change programme.
• Excellent communication and report writing skills.
• Experience at the organisation and management of meetings.
• Strong influencing and communication skills to ensure effective stakeholder management across all levels within the organisation.
• Strategic thinking to ensure the role makes a significant contribution to the business becoming commercially sustainable in the longer term.
• Self-starter with positive proactive attitude and able to work collaboratively.
• Organised and structured in approach.
• Excellent team-working skills.
• Diplomacy and tenacity.
• Report writing.
About PostOffice

The PostOffice has thrived at the heart of high streets and local communities across the UK for over 370 years.
As one of the country's most trusted brands, we take our commitment to providing essential services to customers across the UK very seriously.
We're the UK's largest retail network, as well as the largest financial services provider in the UK, with over 11,600 branches nationwide - more than all of the UK's banks and building societies put together.
We know that the best way to provide a great service for customers is to evolve our business and adapt to their changing needs.
That's why we have a range of over 170 products and services, from personal financial services like banking, insurance, payments and travel money, to telecoms and, of course, mails.
And we're improving our online and in-store experience for customers.
We know that our customers never stop changing, so neither will we.
We're here, in person, for the people who rely on us.
Our Ways of Working underpin everything we do; they are the How of our business strategy.
They differentiate our business and aim to inspire great behaviours and align our colleagues around specific actions in order to be the organisation we want to be, and achieve our business goals.
By living the Ways of Working each day, you will help make that vision a reality and enable our cultural transformation.
In short:
Working in partnership, as one team, we deliver amazing results!

The PostOffice embraces diversity and inclusion in the workplace and actively promotes working without discrimination.
We are also a Disability Confident Employer and are committed to interviewing disabled people who meet our minimum criteria for the job.

PostOffice, London, England