Project Assurance Manager (Information Security)
The ever-changing retail market with multichannel capabilities driven by evolving technologies and interactive customer-focused applications is an attractive target for attackers. As Project Assurance Manager within our InfoSec team, you will be responsible for working with project and operational teams to ensure security is implemented within projects and embedded in operations.
The role will require a diverse background in security and IT operations, risk management, and project and supplier assurance through adherence to internal policies and relevant compliance standards. You will be overseeing a team of Project Assurance Leads to ensure that all projects and suppliers are risk assessed and mitigated to an acceptable level of risk, with an auditable trail of documentation.
•Triage all new projects and suppliers;
•Produce security and risk management reporting;
•Attend business governance meetings as required representing the InfoSec Assurance team;
•Review and QA all documentation produced by the team to ensure compliance with process and best practice, making appropriate challenges;
•Prioritise effort, ensuring stakeholder expectations are met and/or managed;
•Support IT and Business transformation projects by ensuring they are risk-assessed and controls and security requirements are met through the transformation lifecycle, including compliance requirements such as GDPR, ISO 27001 and PCI-DSS;
•Own and manage the Project and Risk Trackers, as well as the InfoSec Assurance mailbox;
•Manage the end-to-end InfoSec Assurance framework and its development and improvement over time;
•Develop information security processes and procedures alongside business and IT stakeholders;
•Scope, arrange and support security testing, including penetration testing.
Required Skills & Experience:
•You will currently have 5+ years of significant and diverse audit and assurance experience in InfoSec project and supplier assurance;
•Proven experience of planning, managing and coordinating the work and resource;
•Proven experience in dealing with risk and assurance management activities, with a strong pragmatic approach in reducing risk to levels appropriate to the business risk appetite;
•Excellent communicator able to influence key stakeholders both inside the organisation and outside (MSPs and suppliers) to reach pragmatic decisions;
•Excellent written and verbal skills to clearly and concisely articulate information security risks to senior business stakeholders;
•Good analytical skills and ability to solve complex problems;
•Sound knowledge in IT and Information security control remediation;
•Ability to influence security good practice behaviours;
•Knowledge of standards such as COBIT, ISO 27001, ISF SOGP, PCI-DSS and GDPR.
Dixons Carphone is Europe's number one electrical and telecommunications retailer and services company, with more than 40,000 colleagues across nine countries, including the UK and Ireland. Every day, we use our people's expertise to reach out and help new customers. What's more - we're exploring extraordinary new markets, from wellness to security, so that in an ever more connected and constantly changing world, we can offer our customers the most comprehensive service.
It's an exciting time to join us and find yourself a place in our growing success story. Apply now.