Location: Newbury, hybrid working
Salary: Excellent basic salary plus bonus and Vodafone benefits
Working Hours: Full time hours per week – Mon to Fri
At Vodafone UK we believe that through collaboration and connection with our colleagues we can achieve great things. Our hybrid working approach allows our people to work both in the office and at home, providing the flexibility and resources you need to succeed in your role. We don't require you to be in on specific days; instead, we ask people to come into the office 2-3 days each week, on average 8 days a month. Our “Office in a Box” home working kit will provide you with everything you need, no matter where you are.
Who We Are
At Vodafone UK, diversity isn’t just a buzzword, it is core to who we are as a company. We’re proud to be certified as a Great Place to Work and are committed to driving inclusion for all; creating a workplace that is fully representative of the communities and customers we serve.
Join us at the heart of Vodafone UK in Corporate, one of the central support functions that underpin our business and keep us moving forward. We provide centralised support, expertise and guidance across our UK and Group operations, continuing to build on our success and trailblazing the way to our next stage of digital growth.
What you'll do
The Government Security Team is responsible for providing operational support to government and law enforcement agencies in order to meet our obligations under the Investigatory Powers Act. Technical solutions are at the heart of our ability to meet these obligations, and in the process, help fight serious crime and save lives. We offer an industry leading capability and need the best people to ensure we maintain this.
As the Information Security Manager you will be the security authority and primary point of contact for the team. You will be accountable for ensuring our operation, platforms and data are secure. You will implement appropriate methodology, processes and controls to ensure that solutions are secure by design, effective operational and technical security controls are in place and both Vodafone and our suppliers remain compliant with the stringent security requirements placed upon us.
- Implement and manage a security governance framework incorporating internal and external stakeholders, creating a security focussed, collaborative culture with all parties.
- Review, interpret and maintain compliance with external (HMG) security requirements and Security Aspects Letters, ensuring appropriate requirements are cascaded to vendors and suppliers and compliance assured.
- Forge and maintain excellent working relationships with other Vodafone security teams, ensuring continued awareness of current standards, policies and processes, applying these where appropriate within Government Security.
- Implement and manage a robust risk management framework for Government Security, taking ownership and accountability of risk registers as SIRO for the function.
- Develop, implement and maintain effective security incident management processes, incorporating reporting, recording and resolution.
- Produce, publish, maintain and ensure compliance with local security operating procedures incorporating all physical locations, operations and personnel.
- Manage the annual IT Security Health Check process to include scoping, supplier engagement, review and remediation of findings.
- Identify opportunities and drive changes to improve security of compliance systems, taking proactive steps to protect against emerging threats.
Who you are
- Security Cleared to SC level and be willing to undergo higher level clearance checks if required.
- Recognised Information Security certification such as CISSP, SSCP, CISM, ISO27001 lead auditor or extensive experience in working with ISO27001 or similar security framework.
- Information security risks as well as processes, technologies and tools to mitigate these risks – preferably including the specific risks and countermeasures in the Telecommunications environment.
- Information security domains - access control, network security, operation security, encryption, etc.
- Sound working knowledge and experience of different technologies including cloud (preferably AWS), web applications, infrastructure and operating systems.
Desirable skills and experience:
- Previous experience of communications data and IPA compliance systems.
- Knowledge of current UK legislation (IPA, GDPR etc).
- A good understanding of Mobile Telecommunication Concepts including 5G, 4G and 3G Telecommunication Network Concepts.
- Experience of security concepts and technologies (defensive and offensive security, security architecture, application security, PCI DSS, OWASP, SANS, NIST, etc.).
- Previous experience working in IPA compliance systems as well as experience of working with Telecommunications Data.
- Experience of working within formal security frameworks.
- Familiar or experienced with legislation or regulation such as: Investigatory Powers Act, NS&I, PECR, GDPR.