Information Security Consultant

House of Fraser
London (West)
12 Oct 2016
25 Oct 2016
Contract Type
As a member of the Information Security Team you will be responsible for providing information assurance and security analysis, including vulnerability and risk assessment support through the utilisation of established security and risk management solutions. You will work with the Head of Legal and Compliance to reduce risk across the business, raising awareness of the implications of non-compliance with information security related legislation and policy.

Key Accountabilities and Responsibilities

· Governance & Regulatory - Support the completion of the annual ICO registration, working in partnership with team members to maintain an up-to-date record of HoF’s company entry on the Register of Data Controllers which accurately reflects the Company’s processing activities.

· Compliance & Risk Management - Carry out PCI impact assessments on projects where appropriate, adopting a risk-based approach. Continuously monitor vendor and threat intelligence feeds to identify vulnerabilities that affect HoF and produce plans to deal with them. Continuously develop cyber security related processes.

· Commercial & Supplier Management - Regularly audit, evaluate and assess any risks associated with the outsourcing of information processing with existing and new 3rd Party Providers.

· Policy Management - Assist with the development and maintenance of policies, procedures and guidelines which provide assurance of compliance with HoF’s relevant legislative commitments.

· Communication - Provide guidance and awareness around information security that may require the company to take a course of action which could involve substantial impact on resources, including providing internal technical advice in connection with potential or actual data security breach incidents and the notification to the ICO.
Technical Skills and Experience Required

· Emphasis will be on a solid technical and risk background.

· ISO 27001 and COBIT knowledge.

· CISSP or CISM essential; CRISC, CCSP, CEH or equivalent desirable.

· Experience of working within fast-paced, multi-channel, customer-focused organisations, ideally in the retail sector.

· Experience of carrying out PCI impact assessments is essential.

· Understanding of current UK data protection requirements and strong current awareness of the changes to be implemented by the new General Data Protection Regulation and of cybercriminal activity; ideally a qualification in data protection such as the ISEB or BCS Practitioner certificate.

· Understanding of systems and processes involved in gathering, storing, transferring and collecting data in an international context, especially transfers out of the EEA.