Senior Analyst Information Security & Data Protection
UK Based
Hays working for your tomorrow
We're on a journey as a global business to build the technology of tomorrow and continue to lead from the front across our industry. We want to redefine and reshape our technology strategy in the face of a rapidly evolving digital world, looking at new ways to leverage AI and innovative technology. Our vision is to create a more integrated and product-led organisation, designing holistic global technology solutions that enable us to continually improve the way we deliver our services, both internally and externally.
The role
The role reports to the Head of ISDP Governance and is responsible for supporting the development, review, implementation and maintenance of Enterprise ISDP policies, procedures and guidelines in line with the ISO 27001 standard. The role involves implementing the security risk management framework, driving secure employee behaviours and liaising with the third line of defence on internal and external assurance activities.
Key Responsibilities:
Policies and framework management:
- Implement and maintain information security policies, procedures, and guidelines aligned with ISO 27001 standards.
- Implement and maintain ISDP intranet for easy access to ISDP artefacts.
- Ensure effective and consistent implementation of these policies and framework across the organization.
- Support delivery of the ISO 27001 certification roadmap.
Security culture:
- Develop, renew, implement and maintain annual training for employees, including new hires.
- Conduct regular targeted campaigns to promote a culture of security.
- Perform periodic simulated phishing exercises to assess employee awareness.
- Work with relevant business units to improve cybersecurity awareness.
Assurances:
- Support internal or external ISDP assurance activities.
- Support management of the security management plan (SMP) of activities with strategic suppliers.
- Collaborate with internal and external stakeholders to coordinate assurance activities effectively.
Stakeholder Communication:
- Appropriately communicate security requirements to key internal and external stakeholders.
- Ensure alignment with business goals and risk management strategy.
Metrics and Reporting:
- Support development of a metrics framework to effectively measure employee behaviour and compliance with policies.
- Ensure the effectiveness of the awareness programme.
What you will need to succeed
- Commitment to delivering high-quality, prompt and efficient service to the business.
- Ability to own and drive security initiatives for desired outcomes.
- Some experience in information security governance, policy development, and framework implementation within a global organisation.
- Knowledge of ISO 27001 standards and other security best practices.
- Analytical thinking and problem-solving approach.
- Ability to influence and convince others to make appropriate changes in their priorities and behaviours.
- 5+ years of experience working in a complex technology and business landscape.
- Education (Degree level, Professional certifications such as CISSP, CISM or ISO 27001 LA).
What you will get in return
- The opportunity to make a seismic impact and help enable the business through the delivery of effective digital solutions.
- The opportunity to work in a business that values people at the heart of what they do and creates a supportive and inclusive environment to enable you to flourish.
- The reward and benefits associated with this role will be competitive to the market and experience of the successful candidate.
For more information on the role and for an informal conversation, please apply now.