- To work collaboratively with colleagues and take personal accountability to maintain and enhance controls you are responsible for to support improvement of the overall control environment, customers outcomes and a reduction in MG s operational risk.
- Accountable for managing and motivating team members to ensure quality of delivery to customers and stakeholders.
- Demonstrable consultative and delivery skills in Information Security projects, work prioritisation and planning with the ability to analyse complex issues, recommending and implementing tools or solutions where appropriate.
- Overall ownership and leadership of significant, and complex, components of work relating to Enterprise Security, including risk assessments, system reviews and consultancy.
- Ensuring supply Chain Security requirements are embedded within all new architecture and infrastructure, working with Security Architecture, Project Management, Development teams and third parties to ensure the implementation of the required level of security functionality into all new products and services.
Additional Responsibilities :
- Systematic assessment of Supply Chain Security Risk in the business and development of appropriate strategies to manage this risk.
- To ensure that policies, standards, processes and guidelines are embedded and communicated across the business.
- Provision of specialist consultancy and advice on Supply Chain Security management to managers, project teams and infrastructure delivery teams (including provision of guidance on conformance with the legal aspects of information processing, e.g. GDPR, Computer Misuse Act etc).
- Ensuring that technology and processes are well managed so that every effort is made to secure all customer and sensitive data held by MG
- Development of Enterprise Security controls and guidelines, and the subsequent process of communication with the business.
- Research, assessment and reporting of security vulnerabilities and recommending appropriate remedial actions.
- Evaluation of Enterprise Security tools, products and solutions, and contributing to the decision process for their purchase and use.
- Development of new ideas to contribute to the continued success of the department and the services provided.
- Providing specialist advice and guidance to managers, project teams, infrastructure delivery team and Enterprise Security peers.
- Conduct trainings to educate and develop security awareness in the workforce on information security
- Assist in management of security incidents relating to Supply Chain.
- Compliance - To ensure that you understand and adhere to MG s Code of Conduct and, where appropriate, comply with all relevant regulatory policies. This includes completion of any mandatory training requirements.
- Performance Management - To ensure the delivery of People Management and that all its processes and tools are fully utilised in managing your people.
- Ensure Enterprise Security Privacy internal and external audits are effectively communicated and subsequent remedial activities are followed through to agreed actions
- To demonstrate a positive risk, compliance and control culture through the identification, assessment, monitoring and management of risks and issues within the business area, alongside ensuring timely and appropriate resolution of control weaknesses, actions and failures that arise.
Stakeholder Management
- Stakeholder Management demonstrating a can do attitude; good relationship skills, able to effectively listen, communicate, challenge, influence and deal with people at all levels.
- The ability to negotiate and influencing stakeholders in relation to assessments and contracts and the importance of this.
- Manage significant interdependencies, collaboration and stakeholder management across the MG organisation.
- Build and maintain a network of contacts, both internally in the MG organisation, and externally in the security industry.
- Represent the CISO function at security and governance committees as required.
- Build strong relationships within Enterprise Security, ensuring that strong business management disciplines are embedded into the wider security operational capability.
- Engage proactively with key business stakeholders internally and with outsourcers, to ensure ongoing operational and strategic alignment.
